Vulnerabilities > CVE-2021-21269 - Unspecified vulnerability in Keymaker Project Keymaker
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.
Vulnerable Configurations
References
- https://github.com/keymaker-mx/keymaker/commit/63f3012b390ff1519a84100df9e5dff5058bb926
- https://github.com/keymaker-mx/keymaker/commit/63f3012b390ff1519a84100df9e5dff5058bb926
- https://github.com/keymaker-mx/keymaker/security/advisories/GHSA-pg25-xfcf-vjvm
- https://github.com/keymaker-mx/keymaker/security/advisories/GHSA-pg25-xfcf-vjvm