Local file read through %load_json in plantuml/plantuml


Reported on

Jun 12th 2023


When ALLOW_PLANTUML_INCLUDE is set to false (the default settings) in the online server, !include processing is turned off, preventing local files from being read. However, other features like %load_json can still access local files.

Since many people will run plantuml-server in its default configuration, it might be better to block all local file reading by default or include controlling %load_json access as part of the ALLOW_PLANTUML_INCLUDE switch.

Proof of Concept

docker run -d -p 8080:8080 plantuml/plantuml-server:jetty

Inside the container, write a JSON file /var/lib/jetty/test.json

Bob -> Alice : %load_json("/var/lib/jetty/test.json")

We can also confirm whether or not a file exists on the system. If the file exists, the result will either be valid JSON or a JSON parse error (if the file is not a JSON file). Otherwise, the result is simply {}. This can allow attackers to gain more information about the system.


Read local JSON files, and confirm existence of files.

We are processing your report and will contact the plantuml team within 24 hours. 3 months ago
We have contacted a member of the plantuml team and are waiting to hear back 3 months ago
plantuml/plantuml maintainer has acknowledged this report 3 months ago
PlantUML validated this vulnerability 3 months ago
Zhang Zeyu has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
PlantUML marked this as fixed in 1.2023.9 with commit fbe7fa 3 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
PlantUML published this vulnerability 3 months ago
to join this conversation