PT-2024-5051 · Unknown · Reposilite

Artsploit · Published 2024-05-03 · Updated 2024-12-19 · CVE-2024-36116

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Reposilite versions prior to 3.5.12
Description: The issue is in the expansion of Javadoc archives in Reposilite: the file.name value taken from the archive can contain path traversal characters, allowing an attacker to overwrite any local file on the Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. The attacker can use their own malicious package from Maven Central to overwrite any other package on Reposilite.
Recommendations: For versions prior to 3.5.12, upgrade to version 3.5.12 or later to resolve the issue. As a temporary workaround, consider normalizing the file.name variable before concatenating it with javadocUnpackPath to prevent path traversal attacks. For example, use val path = Paths.get(javadocUnpackPath.toString() + "/" + Paths.get(file.name).normalize().toString()) in the JavadocContainerService.kt file.
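Added example (not Reposilite's code and not taken from the advisory): a Kotlin sketch of archive extraction that resolves each entry name against the unpack directory and rejects any entry whose normalized absolute path falls outside it. Path.normalize() keeps leading ".." segments of a relative path, so the sketch checks containment after resolving rather than relying on normalization alone. The names resolveInside and unpackSafely and the sample archive are hypothetical and constructed for illustration.

```kotlin
import java.io.ByteArrayInputStream
import java.io.ByteArrayOutputStream
import java.nio.file.Files
import java.nio.file.Path
import java.util.zip.ZipEntry
import java.util.zip.ZipInputStream
import java.util.zip.ZipOutputStream

// Hypothetical helper: resolve an entry name under root, or return null if it escapes root.
fun resolveInside(root: Path, entryName: String): Path? {
    val base = root.toAbsolutePath().normalize()
    val target = base.resolve(entryName).normalize()
    // Path.startsWith compares whole path components, not string prefixes.
    return if (target != base && target.startsWith(base)) target else null
}

// Extracts entries that stay under root and returns the names of the rejected ones.
fun unpackSafely(archive: ByteArray, root: Path): List<String> {
    val rejected = mutableListOf<String>()
    ZipInputStream(ByteArrayInputStream(archive)).use { zip ->
        generateSequence { zip.nextEntry }.forEach { entry ->
            val target = resolveInside(root, entry.name)
            when {
                target == null -> rejected += entry.name
                entry.isDirectory -> Files.createDirectories(target)
                else -> {
                    Files.createDirectories(target.parent)
                    Files.copy(zip, target) // reads only the current entry's bytes
                }
            }
        }
    }
    return rejected
}

fun main() {
    // Constructed sample archive: one ordinary entry and one traversal entry.
    val bytes = ByteArrayOutputStream().also { out ->
        ZipOutputStream(out).use { zip ->
            for (name in listOf("index.html", "../../outside.txt")) {
                zip.putNextEntry(ZipEntry(name))
                zip.write("constructed".toByteArray())
                zip.closeEntry()
            }
        }
    }.toByteArray()
    val root = Files.createTempDirectory("javadoc-unpack")
    println("rejected: " + unpackSafely(bytes, root))
    println("extracted: " + root.toFile().list()?.toList())
}
```

Logging the rejected entry names gives operators a signal that an uploaded or proxied Javadoc archive carried traversal paths.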

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: BDU:2024-05578, CVE-2024-36116, GHSA-FRVJ-CFQ4-3228

Affected Products: Reposilite