
Fix: path traversal vulnerability in EDL resolve_path() (CWE-22)#93

Open
nobugpal wants to merge 1 commit into browser-use:main from nobugpal:fix/path-traversal-resolve-path

Conversation

@nobugpal nobugpal commented Jun 29, 2026


Summary

Fixes a path traversal vulnerability (CWE-22) in helpers/render.py's resolve_path() function. The function previously did not validate resolved file paths, allowing an attacker who controls an EDL JSON file to use ../ sequences to read arbitrary files from the filesystem via ffmpeg.

Vulnerability Details

Three attack vectors are fixed:

| Vector | EDL Field | ffmpeg impact |
|---|---|---|
| Source paths | sources[KEY] | -i reads arbitrary file |
| Subtitle paths | subtitles | subtitles filter opens arbitrary file |
| Overlay paths | overlays[].file | -i reads arbitrary file |

Fix

  • Rejects absolute paths with a clear ValueError
  • Calls Path.resolve() (symlink-safe) before the containment check
  • Validates that the resolved path stays within the intended base directory using Path.is_relative_to() (Python 3.9+) with a string-prefix fallback for older versions
  • Preserves all existing functionality for legitimate relative paths

Testing

  • ✅ Malicious EDL with ../ → ValueError: Path traversal detected
  • ✅ Legitimate EDL with relative path within project → continues normally
  • ✅ Backward compatible — no changes to function signature or callers

Disclosure

This finding was made during a security audit of trending AI tools. Full disclosure report is available upon request.

Co-Authored-By: Claude <noreply@anthropic.com>
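The fix described above, written out as an added example that is not the project's code (the resolve_path(base_dir, rel_path) signature, the helper names and the sample EDL are assumptions): it rejects absolute paths, resolves symlinks and '..' before the containment check, falls back to a string-prefix check on Python older than 3.9, and applies the check to the three EDL fields the PR names.

```python
import os
import tempfile
from pathlib import Path


def _is_within(path: Path, base: Path) -> bool:
    """Containment check: Path.is_relative_to() on 3.9+, string-prefix fallback below."""
    try:
        return path.is_relative_to(base)
    except AttributeError:  # Python < 3.9 has no is_relative_to()
        return path == base or str(path).startswith(os.path.join(str(base), ""))


def resolve_path(base_dir, rel_path):
    """Resolve rel_path under base_dir; raise ValueError if it escapes (assumed signature)."""
    if Path(rel_path).is_absolute():
        raise ValueError(f"Absolute paths are not allowed: {rel_path}")
    base = Path(base_dir).resolve()
    resolved = (base / rel_path).resolve()  # follows symlinks and collapses '..'
    if not _is_within(resolved, base):
        raise ValueError(f"Path traversal detected: {rel_path}")
    return resolved


def check_edl_paths(base_dir, edl):
    """Validate every path-bearing EDL field; returns {field: ('ok', Path) | ('rejected', reason)}."""
    fields = [(f"sources[{k}]", v) for k, v in edl.get("sources", {}).items()]
    if "subtitles" in edl:
        fields.append(("subtitles", edl["subtitles"]))
    fields += [(f"overlays[{i}].file", o["file"]) for i, o in enumerate(edl.get("overlays", []))]
    out = {}
    for name, value in fields:
        try:
            out[name] = ("ok", resolve_path(base_dir, value))
        except ValueError as exc:
            out[name] = ("rejected", str(exc))
    return out


def demo():
    """Constructed sample: a project dir plus a symlink inside it that points outside."""
    root = Path(tempfile.mkdtemp())
    project, outside = root / "project", root / "outside"
    (project / "media").mkdir(parents=True)
    outside.mkdir()
    os.symlink(outside, project / "link")  # symlink escape attempt
    edl = {  # constructed EDL covering the three vectors from the PR
        "sources": {"A": "media/clip.mp4", "B": "../outside/secret.txt"},
        "subtitles": "/etc/passwd",
        "overlays": [{"file": "link/secret.txt"}],
    }
    return {field: verdict for field, (verdict, _) in check_edl_paths(project, edl).items()}
```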


Summary by cubic

Fixes a path traversal vulnerability (CWE-22) in helpers/render.py’s resolve_path() that let EDL inputs escape the project directory and read arbitrary files via ffmpeg. Resolved paths are now validated, blocking absolute or out-of-base paths across source, subtitle, and overlay inputs.

  • Bug Fixes
    • Reject absolute paths with a clear error.
    • Resolve with Path.resolve() before checks to prevent symlink bypasses.
    • Ensure the path stays under the base using Path.is_relative_to() with a safe fallback for older Python.
    • No API changes; valid relative paths continue to work.

Written for commit 1185fa7. Summary will update on new commits.


Security fix for CWE-22: The resolve_path() function in helpers/render.py
did not validate file paths, allowing an attacker to use '../' sequences
in EDL JSON files to read arbitrary files from the filesystem via ffmpeg.

Three attack vectors are fixed:
1. Source paths (sources[] field) — passed to ffmpeg -i
2. Subtitle paths (subtitles field) — passed to ffmpeg subtitles filter
3. Overlay paths (overlays[].file field) — passed to ffmpeg -i

The fix:
- Rejects absolute paths
- Uses Path.resolve() (symlink-safe) before containment check
- Validates resolved path is within the intended base directory
- Compatible with Python 3.9+ (is_relative_to) and older versions

Co-Authored-By: Claude <noreply@anthropic.com>

cubic-dev-ai (bot) left a comment


No issues found across 1 file
