Whistle
Monthly
Arbitrary file read in the Whistle debugging proxy (avwo/whistle) before 2.10.3 lets remote attackers retrieve any file on the host by abusing the GET /cgi-bin/temp/get endpoint. Because lib/service/service.js only sanitizes req.query.filename when it matches the temporary-file pattern and otherwise hands the raw filename to getFile, a value like ../../../../etc/passwd escapes TEMP_FILES_PATH and is served back. The CVSS 4.0 score is 8.7 (high) with a confidentiality-only impact; there is no public exploit identified at time of analysis, and the flaw is fixed in 2.10.3.
Arbitrary file read in the Whistle debugging proxy (avwo/whistle) before 2.10.3 lets remote attackers retrieve any file on the host by abusing the GET /cgi-bin/temp/get endpoint. Because lib/service/service.js only sanitizes req.query.filename when it matches the temporary-file pattern and otherwise hands the raw filename to getFile, a value like ../../../../etc/passwd escapes TEMP_FILES_PATH and is served back. The CVSS 4.0 score is 8.7 (high) with a confidentiality-only impact; there is no public exploit identified at time of analysis, and the flaw is fixed in 2.10.3.