Files and Environment variables were logged
prodoxx
PROOP

2 months ago

I keep seeing my error logs outputting my repo files, system files and environment variables. It looks something like this:

  [Error: x] {
  digest: 'root:x:0:0:root:/root:/bin/bash\n' +
    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n' +
    'bin:x:2:2:bin:/bin:/usr/sbin/nologin\n' +
    'sys:x:3:3:sys:/dev:/usr/sbin/nologin\n' +
    'sync:x:4:65534:sync:/bin:/bin/sync\n' +
    'games:x:5:60:games:/usr/games:/usr/sbin/nologin\n' +
    'man:x:6:12:man:/var/cache/man:/usr/sbin/nologin\n' +
    'lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin\n' +
    'mail:x:8:8:mail:/var/mail:/usr/sbin/nologin\n' +
    'news:x:9:9:news:/var/spool/news:/usr/sbin/nologin\n' +
    'uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin\n' +
    'proxy:x:13:13:proxy:/bin:/usr/sbin/nologin\n' +
    'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n' +
    'backup:x:34:34:backup:/var/backups:/usr/sbin/nologin\n' +
    'list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin\n' +
    'irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin\n' +
    '_apt:x:42:65534::/nonexistent:/usr/sbin/nologin\n' +
    'nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n'
}
  [Error: x] {
  digest: '.env.example\n' +
    '.gitignore\n' +
    '.next\n' +
    '.nixpacks\n' +
    '.vscode\n' +
....

 [Error: ENOENT: no such file or directory, open '/var/lib/kubelet/config.yaml'] {
  errno: -2,
  code: 'ENOENT',
  syscall: 'open',
  path: '/var/lib/kubelet/config.yaml',
  digest: '3093416567'
}
  [Error: x] {
  digest: '.bash_history\n.bashrc\n.bun\n.cache\n.local\n.profile'
}

Including environment variables. Is this a bug with Railway or is this related to the NextJs vulnerability? These logs showed up earlier today.
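
Added example, not code from this thread, Railway or Next.js: a log triage that scans util.inspect-style error output like the excerpt above for `digest` values holding multi-line, passwd-format or `KEY=value` content instead of a short token such as the `'3093416567'` digest in the ENOENT entry. The function names, the 64-character threshold and the sample log are constructed assumptions.

```javascript
// Added example (not from the thread). Assumption: a routine digest is a short
// single-line token, like '3093416567' in the ENOENT entry quoted on the page.
const SAMPLE_LOG = [ // constructed sample in the same layout as the quoted logs
  "[Error: x] {",
  "  digest: 'root:x:0:0:root:/root:/bin/bash\\n' +",
  "    'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\\n'",
  "}",
  "[Error: ENOENT: no such file or directory, open '/tmp/missing'] {",
  "  code: 'ENOENT',",
  "  digest: '3093416567'",
  "}",
  "[Error: x] {",
  "  digest: 'NODE_ENV=production\\nAPI_KEY=constructed-placeholder'",
  "}",
].join("\n");

// A digest is one quoted literal, optionally continued with " + 'literal'".
const LITERAL = /'((?:[^'\\]|\\.)*)'/g;
const DIGEST = /digest:\s*('(?:[^'\\]|\\.)*'(?:\s*\+\s*'(?:[^'\\]|\\.)*')*)/g;

// Join the concatenated literals and undo the escapes util.inspect printed.
function decodeDigest(chunk) {
  const unescape = (s) =>
    s.replace(/\\(.)/g, (_, c) => ({ n: "\n", t: "\t", r: "\r" }[c] ?? c));
  return [...chunk.matchAll(LITERAL)].map((m) => unescape(m[1])).join("");
}

function classifyDigest(value) {
  const reasons = [];
  if (/\n/.test(value.trim())) reasons.push("multi-line");
  if (/^[^:\n]+:[^:\n]*:\d+:\d+:/m.test(value)) reasons.push("passwd-format");
  if (/^[A-Za-z_][A-Za-z0-9_]*=/m.test(value)) reasons.push("env-assignment");
  if (value.length > 64) reasons.push("oversized");
  return reasons;
}

// Report line number, size and reasons only, so leaked content is not re-logged.
function findSuspiciousDigests(logText) {
  const findings = [];
  for (const m of logText.matchAll(DIGEST)) {
    const value = decodeDigest(m[1]);
    const reasons = classifyDigest(value);
    if (reasons.length === 0) continue;
    const line = logText.slice(0, m.index).split("\n").length;
    findings.push({ line, length: value.length, reasons });
  }
  return findings;
}

console.log(findSuspiciousDigests(SAMPLE_LOG));
```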

15 Replies

brody
EMPLOYEE

2 months ago

In the deployment logs?


prodoxx
PROOP

2 months ago

No, it's not the deployment logs. I haven't deployed anything this week.


prodoxx
PROOP

2 months ago

I actually haven't found where these errors are coming from. My code would not log these errors.


prodoxx
PROOP

2 months ago

Project ID: 695786c1-3e50-401a-a99e-bab9d4eca26a


brody
EMPLOYEE

2 months ago

Then where are you seeing these errors?


prodoxx
PROOP

2 months ago

It's coming from one of my NextJS apps.


brody
EMPLOYEE

2 months ago

Where are you seeing these errors printed?



brody
EMPLOYEE

2 months ago

Those are deployment logs.


prodoxx
PROOP

2 months ago

Ok? The last time I deployed to that service was 2 weeks ago. These logs are from a few hours ago.


brody
EMPLOYEE

2 months ago

Your application is printing those logs, nothing to do with when you deployed the app.


prodoxx
PROOP

2 months ago

Yes, my application is printing those logs. But there is nothing in my app that directly prints those out. So my question was, is this a Railway bug? If not, then this likely has to be related to the NextJs vulnerability that I haven't patched and am patching now as we speak. Either way, I thought Railway blocked this.


brody
EMPLOYEE

2 months ago

We do, so it would be something your app is printing.


brody
EMPLOYEE

2 months ago

You are also using Cloudflare by the looks of it, they block it too.


prodoxx
PROOP

2 months ago

I would think so but this appears to be a security issue rather than a normal application error. I'm going to patch NextJs and rotate my keys.

