EUVD-2026-19790
GHSA-9h9m-rr67-9jpg
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Tags
Description
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument to affected CoursevaultPreview methods may be able to read files outside the configured baseDir when a sibling directory exists whose name shares the same string prefix. This vulnerability is fixed in 0.1.1.
Analysis
Path traversal in coursevault-preview versions before 0.1.1 allows local attackers without authentication to read arbitrary files outside the configured base directory by exploiting a flawed boundary check in the resolveSafe utility. The vulnerability exists because the code uses String.prototype.startsWith() to validate normalized paths, which fails to enforce proper directory boundaries when sibling directories share the same string prefix. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today