
RUSTSEC-2022-0069
Rust vulnerability analysis and mitigation

Overview

A path traversal vulnerability was discovered in hyper-staticfile (RUSTSEC-2022-0069) that allows attackers to access arbitrary files from different drives on Windows systems. The vulnerability was reported on November 29, 2022, affecting the hyper-staticfile library, which is used for serving static files in Rust web applications (GitHub Issue).

Technical details

The vulnerability exists in the path handling mechanism of hyper-staticfile. When the server is started from one drive (e.g., D:), attackers can access files from other drives (e.g., C:) by crafting specific URLs. For example, a request to 'http://127.0.0.1/anypath/c:/windows/win.ini' would allow access to files on the C: drive, even when the server is running from a different drive (GitHub Issue).
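The following sketch shows one way to defend against the drive-letter request described above. It is an added example, not code from hyper-staticfile or from the advisory, and `resolve_request_path` and the `site_root` directory are hypothetical names. It assumes the URL path has already been percent-decoded.

```rust
use std::path::{Path, PathBuf};

/// Hypothetical helper (not hyper-staticfile's code): map a URL path to a
/// file path under `root`, or return None if any segment could escape it.
fn resolve_request_path(root: &Path, url_path: &str) -> Option<PathBuf> {
    let mut resolved = root.to_path_buf();
    for segment in url_path.split('/') {
        match segment {
            // Empty segments (leading "/" or "//") and "." add nothing.
            "" | "." => continue,
            // Refuse to walk upward at all.
            ".." => return None,
            _ => {}
        }
        // On Windows, ':' introduces a drive prefix ("c:") or an NTFS
        // alternate data stream, and '\\' is a second path separator.
        // PathBuf::push with a drive-prefixed component replaces the
        // whole path, so such segments must never reach push().
        if segment.contains(|c: char| c == ':' || c == '\\' || c == '\0') {
            return None;
        }
        resolved.push(segment);
    }
    // Defence in depth: the result must still sit under the root.
    if resolved.starts_with(root) {
        Some(resolved)
    } else {
        None
    }
}

fn main() {
    let root = Path::new("site_root"); // constructed sample root
    // Constructed sample requests; the second is the URL path from the report.
    for url in ["/css/site.css", "/anypath/c:/windows/win.ini", "/a/../../b"] {
        println!("{:?} -> {:?}", url, resolve_request_path(root, url));
    }
}
```

Rejecting `:` and `\` on every platform keeps the behaviour identical on Linux and Windows, so the check can be tested on either.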

Impact

This vulnerability could allow unauthorized access to sensitive files on different drives of Windows systems running hyper-staticfile, potentially exposing confidential information or system files to attackers (GitHub Issue).

This report was generated using AI.
