anyquery CVE Request 4: Path Traversal in read_yaml Module


  • Title: Path Traversal Vulnerability in read_yaml Module Due to Unvalidated File Path

  • Affected Component: module/read_yaml.go, Prepare method

  • Attack Vector: Malicious SQL query, such as SELECT * FROM read_yaml('~/.ssh/id_rsa' AS path).

  • Description: The read_yaml function allows direct file path input and does not verify the path, enabling attackers to read arbitrary files.

  • Vulnerability Type: Path Traversal (CWE-22)

  • Impact: This flaw can be used to access private keys, configurations, or any other sensitive files readable by the process.

  • Suggested Fix: Sanitize with filepath.Clean, resolve as an absolute path, and restrict access to a safe directory scope.
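The suggested fix as an added Go example (not anyquery's own code): a user-supplied path is cleaned, joined onto a fixed base directory, made absolute, and checked with filepath.Rel so that nothing outside that directory is ever opened. The function name, ErrOutsideBase and the /srv/anyquery/data base directory are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the requested path escapes the allowed directory.
var ErrOutsideBase = errors.New("path escapes the allowed directory")

// ResolveWithinBase maps a caller-supplied path onto an absolute path under
// baseDir and rejects anything that would land outside it. It is the check
// suggested in the fix above; the name and baseDir are assumptions.
func ResolveWithinBase(baseDir, userPath string) (string, error) {
	base, err := filepath.Abs(filepath.Clean(baseDir))
	if err != nil {
		return "", err
	}
	// Reject absolute input and home-directory shorthand outright: a query
	// argument should only ever name a file relative to the allowed scope.
	if filepath.IsAbs(userPath) || strings.HasPrefix(userPath, "~") {
		return "", ErrOutsideBase
	}
	// Clean collapses "." and ".." segments; joining onto base and taking
	// Abs yields the canonical lexical target.
	target, err := filepath.Abs(filepath.Join(base, filepath.Clean(userPath)))
	if err != nil {
		return "", err
	}
	// Use Rel rather than a string-prefix test: "/safe" is a prefix of
	// "/safe-other", so HasPrefix alone would accept a sibling directory.
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

func main() {
	for _, p := range []string{"config.yaml", "sub/../a.yaml", "../../etc/passwd", "~/.ssh/id_rsa"} {
		got, err := ResolveWithinBase("/srv/anyquery/data", p)
		fmt.Printf("%-20q -> %q %v\n", p, got, err)
	}
}
```

This check is purely lexical; if the base directory may contain symlinks, follow it with filepath.EvalSymlinks on the resolved target and repeat the Rel check on the result.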

posted @ 2025-06-17 21:04  Aibot