jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Normalize host path to prevent access to arbitrary paths

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-06-22 08:29:08 -07:00
parent 24d9d3063b
commit 5ca64dd642
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/addons.js
View File

@@ -219,7 +219,7 @@ function getBindsSync(app, addons) {
for (let mount of addons[addon].bindMounts) {
let [ host, container ] = mount.split(':');
binds.push(path.join(paths.APPS_DATA_DIR, app.id, 'data', host) + ':' + container);
binds.push(path.join(paths.APPS_DATA_DIR, app.id, 'data', path.normalize(host)) + ':' + container);
}
break;
default: break;