Moderate severityNVD Advisory· Published Aug 16, 2021· Updated Sep 17, 2024
Directory Traversal
CVE-2021-23423
Description
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in bikeshed before 3.0.0 allows disclosure of arbitrary file contents via malicious include blocks.
Vulnerability
The vulnerability affects the package bikeshed before version 3.0.0. When processing an untrusted source file containing include, include-code, or include-raw blocks, the application does not properly sanitize file paths, allowing directory traversal. This can lead to disclosure of arbitrary file contents in the generated HTML output [1][3].
Exploitation
An attacker can exploit this by providing a crafted source file to bikeshed. No authentication is required; any user who can submit a source file for processing can trigger the vulnerability. The attacker uses path traversal sequences (e.g., ../) in the include directive to read files outside the intended directory [3].
Impact
Successful exploitation results in information disclosure. The attacker can read arbitrary files from the file system, potentially exposing sensitive information such as configuration files, source code, or secrets [3].
Mitigation
Upgrade to bikeshed version 3.0.0 or later. The fix was implemented in commit b2f668fca204260b1cad28d5078e93471cb6b2dd [4]. No workarounds are available; upgrading is the recommended action.
References
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bikeshedPyPI | < 3.0.0 | 3.0.0 |
Affected products
2Patches
1b2f668fca204Prevent escaping the source doc's folder, or running arbitrary code, without explicit opt-in at the command-line.
8 files changed · +60 −17
bikeshed/cli.py+14 −0 modified@@ -75,6 +75,18 @@ def main(): choices=["nothing", "fatal", "link-error", "warning", "everything"], help="Determines what sorts of errors cause Bikeshed to die (quit immediately with an error status code). Default is 'fatal'; the -f flag is a shorthand for 'nothing'", ) + argparser.add_argument( + "--allow-nonlocal-files", + dest="allowNonlocalFiles", + action="store_true", + help="Allows Bikeshed to see/include files from folders higher than the one your source document is in." + ) + argparser.add_argument( + "--allow-execute", + dest="allowExecute", + action="store_true", + help="Allow some features to execute arbitrary code from outside the Bikeshed codebase." + ) subparsers = argparser.add_subparsers(title="Subcommands", dest="subparserName") @@ -444,6 +456,8 @@ def main(): constants.printMode = "console" else: constants.printMode = options.printMode + constants.chroot = not options.allowNonlocalFiles + constants.executeCode = options.allowExecute update.fixupDataFiles() if options.subparserName == "update":
bikeshed/config/main.py+16 −1 modified@@ -4,6 +4,9 @@ import lxml +from .. import constants +from .. import messages + def englishFromList(items, conjunction="or"): # Format a list of strings into an English list. @@ -168,7 +171,19 @@ def flatten(arr): def scriptPath(*pathSegs): startPath = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) - return os.path.join(startPath, *pathSegs) + path = os.path.join(startPath, *pathSegs) + return path + + +def chrootPath(chrootPath, path): + chrootPath = os.path.abspath(chrootPath) + path = os.path.abspath(path) + if not path.startswith(chrootPath): + messages.die(f"Attempted to access a file ({path}) outside the source document's directory ({chrootPath}). See --allow-nonlocal-files.") + raise Exception() + else: + return path + def doEvery(s, action, lastTime=None):
bikeshed/config/retrieve.py+8 −8 modified@@ -63,7 +63,7 @@ def _fail(self, location, str, okayToFail): ) -def retrieveBoilerplateFile(doc, name, group=None, status=None, error=True): +def retrieveBoilerplateFile(doc, name, group=None, status=None, error=True, allowLocal=True): # Looks in three or four locations, in order: # the folder the spec source is in, the group's boilerplate folder, the megagroup's boilerplate folder, and the generic boilerplate folder. # In each location, it first looks for the file specialized on status, and then for the generic file. @@ -77,7 +77,7 @@ def retrieveBoilerplateFile(doc, name, group=None, status=None, error=True): status = doc.md.rawStatus megaGroup, status = splitStatus(status) - searchLocally = doc.md.localBoilerplate[name] + searchLocally = allowLocal and doc.md.localBoilerplate[name] def boilerplatePath(*segs): return scriptPath("boilerplate", *segs) @@ -101,13 +101,13 @@ def boilerplatePath(*segs): # We should remove this after giving specs time to react to the warning: sources.append(doc.inputSource.relative(f)) if group: - sources.append(InputSource(boilerplatePath(group, statusFile))) - sources.append(InputSource(boilerplatePath(group, genericFile))) + sources.append(InputSource(boilerplatePath(group, statusFile), chroot=False)) + sources.append(InputSource(boilerplatePath(group, genericFile), chroot=False)) if megaGroup: - sources.append(InputSource(boilerplatePath(megaGroup, statusFile))) - sources.append(InputSource(boilerplatePath(megaGroup, genericFile))) - sources.append(InputSource(boilerplatePath(statusFile))) - sources.append(InputSource(boilerplatePath(genericFile))) + sources.append(InputSource(boilerplatePath(megaGroup, statusFile), chroot=False)) + sources.append(InputSource(boilerplatePath(megaGroup, genericFile), chroot=False)) + sources.append(InputSource(boilerplatePath(statusFile), chroot=False)) + sources.append(InputSource(boilerplatePath(genericFile), chroot=False)) # Watch all the possible sources, not just the one that got used, because if # an earlier one appears, we want to rebuild.
bikeshed/constants.py+2 −0 modified@@ -9,6 +9,8 @@ biblioDisplay = StringEnum("index", "inline") specClass = None testAnnotationURL = "https://test.csswg.org/harness/annotate.js" +chroot = True +executeCode = False def errorLevelAt(target):
bikeshed/extensions.py+2 −1 modified@@ -1,8 +1,9 @@ from . import config +from . import constants from .h import * # noqa: F401 from .messages import * # noqa: F401 def load(doc): - code = config.retrieveBoilerplateFile(doc, "bs-extensions") + code = config.retrieveBoilerplateFile(doc, "bs-extensions", allowLocal=constants.executeCode) exec(code, globals())
bikeshed/inlineTags/__init__.py+4 −0 modified@@ -1,11 +1,15 @@ from subprocess import PIPE, Popen +from .. import constants from ..h import * from ..messages import * def processTags(doc): for el in findAll("[data-span-tag]", doc): + if not constants.executeCode: + die("Found an inline code tag, but arbitrary code execution isn't allowed. See the --allow-execute flag.") + return tag = el.get("data-span-tag") if tag not in doc.md.inlineTagCommands: die("Unknown inline tag '{0}' found:\n {1}", tag, outerHTML(el), el=el)
bikeshed/InputSource.py+13 −6 modified@@ -13,6 +13,7 @@ import requests import tenacity +from . import config from .Line import Line @@ -38,17 +39,17 @@ class InputSource: manager for temporarily switching to the directory of a file InputSource. """ - def __new__(cls, sourceName: str): + def __new__(cls, sourceName: str, **kwargs): """Dispatches to the right subclass.""" if cls != InputSource: # Only take control of calls to InputSource(...) itself. return super().__new__(cls) if sourceName == "-": - return StdinInputSource(sourceName) + return StdinInputSource(sourceName, **kwargs) if sourceName.startswith("https:"): - return UrlInputSource(sourceName) - return FileInputSource(sourceName) + return UrlInputSource(sourceName, **kwargs) + return FileInputSource(sourceName, **kwargs) @abstractmethod def __str__(self) -> str: @@ -157,11 +158,17 @@ def relative(self, relativePath) -> UrlInputSource: class FileInputSource(InputSource): - def __init__(self, sourceName: str): + def __init__(self, sourceName: str, *, chroot: bool, chrootPath: Optional[str] = None): self.sourceName = sourceName + self.chrootPath = chrootPath self.type = "file" self.content = None + if chroot and self.chrootPath is None: + self.chrootPath = self.directory() + if self.chrootPath is not None: + self.sourceName = config.chrootPath(self.chrootPath, self.sourceName) + def __str__(self) -> str: return self.sourceName @@ -179,7 +186,7 @@ def directory(self) -> str: return os.path.dirname(os.path.abspath(self.sourceName)) def relative(self, relativePath) -> FileInputSource: - return FileInputSource(os.path.join(self.directory(), relativePath)) + return FileInputSource(os.path.join(self.directory(), relativePath), chroot=False, chrootPath=self.chrootPath) def cheaplyExists(self, relativePath) -> bool: return os.access(self.relative(relativePath).sourceName, os.R_OK)
bikeshed/Spec.py+1 −1 modified@@ -58,7 +58,7 @@ def __init__( "No input file specified, and no *.bs or *.src.html files found in current directory.\nPlease specify an input file, or use - to pipe from STDIN." ) return - self.inputSource = InputSource(inputFilename) + self.inputSource = InputSource(inputFilename, chroot=constants.chroot) self.transitiveDependencies = set() self.debug = debug self.token = token
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-hf6p-4rv2-9qrpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23423ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/bikeshed/PYSEC-2021-117.yamlghsaWEB
- github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2ddghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537647ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.