sindre
/
Beelance
关注 1
点赞 0
派生 0
代码 工单 6 合并请求 0 版本发布 0 百科 动态
标签 里程碑
创建工单

#25 File names can overwrite other resources

开启中
sindre5 年前创建 · 0 条评论
sindre 评论于 5 年前

When uploading a file it can overwrite other files, even those ondifferent levels due to lack of input validation. This is differentfrom uploading, as even without checking for file name, itshould be checked that it won’t overwrite another file.

When uploading a file it can overwrite other files, even those ondifferent levels due to lack of input validation. This is differentfrom uploading, as even without checking for file name, itshould be checked that it won’t overwrite another file.
sindre 5 年前 添加了里程碑 Required fixes
sindre 添加了标签
webpy
5 年前
sindre 添加了标签
bug
5 年前
sindre 添加了标签
security misconfiguration
5 年前
sindre 5 年前 修改了里程碑从 Required fixesOptional vulnerabilities
登陆 并参与到对话中。
分支/标记未指定
分支列表 标签列表
标签
清除选中标签
broken access control
Broken access control vulnerability broken authentication
Broken authentication vulnerability bug
Something is not working csrf
Cross site request forgery vulnerability enhancement
New feature injection
Injection vulnerability insecure deserialization
Insecure deserialization vulnerability known vulnerability
Using components with known vulnerabilities logging
Insufficient logging vulnerability nginx
Concerns nginx security misconfiguration
Security misconfiguration vulnerability sensitive data exposure
Sensitive data exposure vulnerability webpy
Concerns the webpy framework
未选择标签
broken access control
broken authentication
bug
csrf
enhancement
injection
insecure deserialization
known vulnerability
logging
nginx
security misconfiguration
sensitive data exposure
webpy
里程碑
取消选中里程碑
未选择里程碑
Optional vulnerabilities
指派成员
取消指派成员
未指派成员
1 名参与者
到期时间

未设置到期时间。

依赖工单

此工单当前没有任何依赖。

撰写 预览
正在加载...
取消
保存
这个人很懒,什么都没留下。
删除分支 '%!s(MISSING)'

删除分支是永久的。此操作 无法 撤销,继续?

取消操作
确认操作