Skip to content

Fix: path traversal vulnerability in EDL resolve_path() (CWE-22)#93

Open
nobugpal wants to merge 1 commit into
browser-use:mainfrom
nobugpal:fix/path-traversal-resolve-path
Open

Fix: path traversal vulnerability in EDL resolve_path() (CWE-22)#93
nobugpal wants to merge 1 commit into
browser-use:mainfrom
nobugpal:fix/path-traversal-resolve-path

Conversation

@nobugpal

@nobugpal nobugpal commented Jun 29, 2026

Copy link
Copy Markdown

Summary

Fixes a path traversal vulnerability (CWE-22) in helpers/render.py's resolve_path() function. The function previously did not validate resolved file paths, allowing an attacker who controls an EDL JSON file to use ../ sequences to read arbitrary files from the filesystem via ffmpeg.

Vulnerability Details

Three attack vectors are fixed:

Vector EDL Field ffmpeg impact
Source paths sources[KEY] -i reads arbitrary file
Subtitle paths subtitles subtitles filter opens arbitrary file
Overlay paths overlays[].file -i reads arbitrary file

Fix

  • Rejects absolute paths with a clear ValueError
  • Calls Path.resolve() (symlink-safe) before the containment check
  • Validates that the resolved path stays within the intended base directory using Path.is_relative_to() (Python 3.9+) with a string-prefix fallback for older versions
  • Preserves all existing functionality for legitimate relative paths

Testing

  • ✅ Malicious EDL with ../ValueError: Path traversal detected
  • ✅ Legitimate EDL with relative path within project → continues normally
  • ✅ Backward compatible — no changes to function signature or callers

Disclosure

This finding was made during a security audit of trending AI tools. Full disclosure report is available upon request.

Co-Authored-By: Claude noreply@anthropic.com


Summary by cubic

Fixes a path traversal vulnerability (CWE-22) in helpers/render.py’s resolve_path() that let EDL inputs escape the project directory and read arbitrary files via ffmpeg. Resolved paths are now validated, blocking absolute or out-of-base paths across source, subtitle, and overlay inputs.

  • Bug Fixes
    • Reject absolute paths with a clear error.
    • Resolve with Path.resolve() before checks to prevent symlink bypasses.
    • Ensure the path stays under the base using Path.is_relative_to() with a safe fallback for older Python.
    • No API changes; valid relative paths continue to work.

Written for commit 1185fa7. Summary will update on new commits.

Review in cubic

Security fix for CWE-22: The resolve_path() function in helpers/render.py
did not validate file paths, allowing an attacker to use '../' sequences
in EDL JSON files to read arbitrary files from the filesystem via ffmpeg.

Three attack vectors are fixed:
1. Source paths (sources[] field) — passed to ffmpeg -i
2. Subtitle paths (subtitles field) — passed to ffmpeg subtitles filter
3. Overlay paths (overlays[].file field) — passed to ffmpeg -i

The fix:
- Rejects absolute paths
- Uses Path.resolve() (symlink-safe) before containment check
- Validates resolved path is within the intended base directory
- Compatible with Python 3.9+ (is_relative_to) and older versions

Co-Authored-By: Claude <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Re-trigger cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant