Impact
Wasm Workers Server offers the possibility to serve static files (assets). To provide this feature, wws uses the convention of the public folder. When this folder is present in your project, wws serves all files inside it.
When the public folder does not exist, the underlying actix-files library fails to open it, captures the "missing folder" error, and defaults to the current path. Under these circumstances, wws starts exposing all the files and folders from the current path, which is an unexpected behavior and may expose files that users did not expect.
Patches
The fix is already released in the following versions:
We recommend to update to the latest version.
Workarounds
If you cannot upgrade to any of those versions, create an empty public folder in your project to fix the issue.
References
jprendes Reporter
ereslibre Remediation developer
Angelmmiguel Remediation developer
Impact
Wasm Workers Server offers the possibility to serve static files (assets). To provide this feature,
wwsuses the convention of thepublicfolder. When this folder is present in your project,wwsserves all files inside it.When the
publicfolder does not exist, the underlyingactix-fileslibrary fails to open it, captures the "missing folder" error, and defaults to the current path. Under these circumstances,wwsstarts exposing all the files and folders from the current path, which is an unexpected behavior and may expose files that users did not expect.Patches
The fix is already released in the following versions:
We recommend to update to the latest version.
Workarounds
If you cannot upgrade to any of those versions, create an empty
publicfolder in your project to fix the issue.References