{question}
What should SingleStore customers know about a recently identified path traversal issue affecting SingleStoreDB webservice endpoints?
{question}
{answer}
SingleStore proactively identified and resolved a security issue in the webservice file and download handlers where the /file and /download endpoints did not properly validate canonicalized paths. Under certain conditions, this could allow an authenticated requester with access to those endpoints to use path traversal sequences and read files outside the intended /proc and trace logs directories.
This issue affected SingleStoreDB webservice behavior in self-managed environments where the vulnerable endpoints were reachable.
- If you are a SingleStore Helios customer, no action is required from you if this functionality is not exposed as part of your managed deployment model.
- If you are running SingleStore self-managed, we recommend upgrading to 9.0.13 or later, if not done already.
{answer}