Uusi ongelma

#6 Remote OS command execution

Suljettu

5 vuotta sitten avasi sindre · 0 kommenttia

The first time a user uploads a file to a task there is a new foldercreated by using the taskid. Tampering with the task id can allow for command injection when executing OS command swith the popen function in the Python os package.

sindre added this to the Required fixes milestone 5 vuotta sitten

sindre added the

bug

label 5 vuotta sitten

sindre added the

webpy

label 5 vuotta sitten

sindre added the

injection

label 5 vuotta sitten

sindre viittasi tähän ongelmaan commitissa 5 vuotta sitten

Fix OS remote code execution Fixes #6

sindre referenced a pull request that will close this issue 5 vuotta sitten

Fix OS remote code execution #36

sindre suljettu 5 vuotta sitten

Sign in to join this conversation.

bug

injection

webpy

Required fixes

No Assignees

1 osallistujaa

Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.