Skip to content

[HOTFIX] Validate request path in raw API endpoint (CVE-2025-53908) #2085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 16, 2025
Merged

[HOTFIX] Validate request path in raw API endpoint (CVE-2025-53908) #2085

merged 2 commits into from
Jul 16, 2025

Conversation

gantoine
Copy link
Member

Description
Explain the changes or enhancements you are proposing with this pull request.

Save downloads stopped working in latest beta release.

Checklist
Please check all that apply.

  • I've tested the changes locally
  • I've updated relevant comments
  • I've assigned reviewers for this PR
  • I've added unit tests that cover the changes

Screenshots

@trunk-io Trunk.io
Copy link

trunk-io bot commented Jul 16, 2025

Running Code Quality on PRs by uploading data to Trunk will soon be removed. You can still run checks on your PRs using trunk-action - see the migration guide for more information.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 16, 2025
edited
Loading

Test Results

168 tests  ±0   168 ✅ ±0   39s ⏱️ ±0s
  1 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 17d5439. ± Comparison against base commit f652c8a.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 16, 2025
edited
Loading

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines Covered Coverage Threshold Status
7921 4997 63% 0% 🟢

New Files

No new covered files...

Modified Files

File Coverage Status
backend/endpoints/raw.py 70% 🟢
TOTAL 70% 🟢

updated for commit: 17d5439 by action🐍

@gantoine gantoine requested a review from Copilot July 16, 2025 03:37
Copilot

This comment was marked as outdated.

Sign in to view

@gantoine gantoine force-pushed the hotfix-raw-endpoint-save-download branch from ea10cc6 to 7c94cb0 Compare July 16, 2025 03:38
@gantoine gantoine force-pushed the hotfix-raw-endpoint-save-download branch from edeb801 to 17d5439 Compare July 16, 2025 03:48
@gantoine gantoine requested a review from Copilot July 16, 2025 03:48
Copilot

This comment was marked as resolved.

Sign in to view

@gantoine gantoine merged commit 539a166 into master Jul 16, 2025
9 checks passed
@gantoine gantoine deleted the hotfix-raw-endpoint-save-download branch July 16, 2025 03:52
@gantoine gantoine changed the title [HOTFIX] Fix downloading saves from asset endpoint [HOTFIX] Validate request path in raw API endpoint (CVE-2025-53908) Jul 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@gantoine