diff --git a/changes/3241.fix.md b/changes/3241.fix.md
new file mode 100644
index 0000000000..ee4fd4b6f6
--- /dev/null
+++ b/changes/3241.fix.md
@@ -0,0 +1 @@
+Prevent vfolder `request-download` API from accessing host filesystem.
diff --git a/src/ai/backend/storage/api/client.py b/src/ai/backend/storage/api/client.py
index bf2ac0a671..f9b526dc23
--- a/src/ai/backend/storage/api/client.py
+++ b/src/ai/backend/storage/api/client.py
@@ -156,7 +156,7 @@ class Params(TypedDict):
 if (dst_dir := params["dst_dir"]) is not None:
 parent_dir = vfpath / dst_dir
 file_path = parent_dir / token_data["relpath"]
-file_path.relative_to(vfpath)
+file_path.resolve().relative_to(vfpath)
 if not file_path.exists():
 raise FileNotFoundError
 except (ValueError, FileNotFoundError):
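Review bot: The containment check on the added line resolves `file_path` but compares it against the unresolved `vfpath`, so the result depends on `vfpath` already being canonical: if the vfolder root or any parent of it is reached through a symlink, every resolved path lands outside `vfpath` and the request fails with ValueError, and if `vfpath` is not canonical the comparison is weaker than intended. Resolving both sides removes that dependency: `file_path.resolve().relative_to(vfpath.resolve())`. Because the return value is discarded and the guard works only through the ValueError caught by the `except` below, a comment such as `# raises ValueError when the resolved path escapes the vfolder root` would make the intent explicit to the next reader. The branch taken when `dst_dir` is None, and the `try` this block sits in, are outside the hunk, so I cannot tell whether the same resolve() hardening applies there; worth confirming. The enclosing handler starts and ends outside the hunk.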