Summary
FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remote attacker can trigger cache key collisions via crafted paths, causing one URL to serve cached responses of another (cache poisoning/mixup)
Details
litestar.stores.file._safe_file_name() normalizes input with unicodedata.normalize("NFKD", name) and builds the filename by concatenating c if alphanumeric else str(ord(c)) (no delimiter).
This transformation is not injective, e.g.:
- "k-" and "k45" both become "k45" (because - ord('-') == 45)
- "k/\n" becomes "k4710", colliding with "k4710"
- "K" (Kelvin sign) normalizes to "K", colliding with "K"
When used in response caching, the default cache key includes request path and sorted query params, which are attacker-controlled.
PoC
import asyncio, tempfile
from litestar.stores.file import FileStore
async def main():
d = tempfile.mkdtemp(prefix="ls_filestore_poc_")
store = FileStore(d, create_directories=True)
await store.__aenter__()
# 1) ASCII ord-collision: "-" -> 45
await store.set("k-", b"A")
v = await store.get("k45")
print("k- ->", v)
print("k45 ->", await store.get("k45"))
if v == b"A":
print("VULNERABLE: 'k-' collides with 'k45'")
# 2) NFKD collision: Kelvin sign -> K
await store.set("K", b"B") # U+212A
v2 = await store.get("K")
print("K ->", await store.get("K"))
print("K ->", v2)
if v2 == b"B":
print("VULNERABLE: 'K' collides with 'K' (NFKD)")
if __name__ == "__main__":
asyncio.run(main())
Impact
Vulnerability type: cache poisoning / cache key collision.
Impacted deployments: applications using Litestar response caching with FileStore backend (or any attacker-influenced keying into FileStore).
Possible impact: serving incorrect cached content across distinct URLs, potential confidentiality/integrity issues depending on what endpoints are cached.
References
Sirdorblu Reporter
Summary
FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as response-cache backend, an unauthenticated remote attacker can trigger cache key collisions via crafted paths, causing one URL to serve cached responses of another (cache poisoning/mixup)
Details
litestar.stores.file._safe_file_name() normalizes input with unicodedata.normalize("NFKD", name) and builds the filename by concatenating c if alphanumeric else str(ord(c)) (no delimiter).
This transformation is not injective, e.g.:
When used in response caching, the default cache key includes request path and sorted query params, which are attacker-controlled.
PoC
Impact
Vulnerability type: cache poisoning / cache key collision.
Impacted deployments: applications using Litestar response caching with FileStore backend (or any attacker-influenced keying into FileStore).
Possible impact: serving incorrect cached content across distinct URLs, potential confidentiality/integrity issues depending on what endpoints are cached.
References