PT-2024-9607 · Pwndoc · Pwndoc

Jorianwoltjer · Published 2024-12-09 · Updated 2024-12-10 · CVE-2024-55602

CVSS v3.1: 8.5 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PwnDoc versions prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6

Description

The issue is in the res.download() function in the template.js script of PwnDoc, a tool for automating report documentation. An authenticated user who can update and download templates can inject path traversal (../) sequences into the file extension property and thereby read arbitrary files on the system. This can be exploited by a remote attacker.

Recommendations

For versions prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, update to a version that includes the patch from that commit. As a temporary workaround, consider restricting access to the template.js script and limiting the ability to update and download templates to trusted users only. Avoid using the file extension property in the res.download() function until the issue is resolved.
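
The flaw class described above, shown next to a hardened path builder. This is an added example, not PwnDoc's code or the patch in the referenced commit; TEMPLATE_DIR, the function names, the extension allowlist and the sample inputs are assumptions.

```javascript
// Added example (hypothetical names, not PwnDoc's code).
// Loads node:path in both CommonJS and ES module files.
const path = typeof require === "function"
  ? require("node:path")
  : process.getBuiltinModule("node:path");

const TEMPLATE_DIR = "/app/report-templates";      // assumed storage directory
const ALLOWED_EXT = new Set(["docx", "docm"]);     // assumed allowlist

// Before: the stored extension is trusted and concatenated into the path
// that is later handed to a file-serving call such as res.download().
function naiveTemplatePath(name, ext) {
  return path.posix.join(TEMPLATE_DIR, `${name}.${ext}`);
}

// After: validate both parts, then confirm the resolved path is still
// inside TEMPLATE_DIR. Returns the absolute path, or null when rejected.
function safeTemplatePath(name, ext) {
  if (typeof name !== "string" || typeof ext !== "string") return null;

  // Extension must be an exact allowlist member: no dots, no separators.
  if (!ALLOWED_EXT.has(ext.toLowerCase())) return null;

  // Template name must be one path segment (no slash, backslash or NUL).
  if (name === "" || /[\/\\\0]/.test(name)) return null;

  // Defence in depth: resolve and check containment.
  const candidate = path.posix.resolve(TEMPLATE_DIR, `${name}.${ext}`);
  const rel = path.posix.relative(TEMPLATE_DIR, candidate);
  if (rel === "" || rel === ".." || rel.startsWith("../")) return null;
  if (path.posix.isAbsolute(rel)) return null;

  return candidate;
}

// Constructed sample values for illustration.
const samples = [
  ["report", "docx"],
  ["report", "/../../../etc/passwd"],
  ["../secrets", "docx"],
];
for (const [name, ext] of samples) {
  console.log(JSON.stringify({ name, ext }),
    "naive:", naiveTemplatePath(name, ext),
    "safe:", safeTemplatePath(name, ext));
}
```

Validate the extension when the template is created or updated as well as at download time, so a bad value is never stored.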

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-11317
CVE-2024-55602
GHSA-2MQC-GG7H-76P6

Affected Products

Pwndoc