translate5 / TRANSLATE-3021

Path traversal on bconf parsing (4.2)


Details

    • Critical
    • NONE: Issue was already solved as a side effect of implementing BCONF-Management Milestone 2

    Description

      problem

      An uploaded bconf file could be modified in such a way that the contained SRX files are not written to data/editorOkapiBconf/ but somewhere outside of it.

      solution

      Check the final path of the created file and restrict the save location accordingly. And/or use basename to get just the filename part of the file and use that.
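
The two measures named in the solution, combined in one helper. This is an added example, not translate5's own code: the function name `safeBconfTarget`, the temp directory standing in for data/editorOkapiBconf/, and the sample file names are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not translate5 code: map a file name embedded in an
// uploaded bconf to a write target that always lies directly inside $baseDir.
function safeBconfTarget(string $baseDir, string $embeddedName): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("Base directory missing: $baseDir");
    }
    if (strpos($embeddedName, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in embedded file name');
    }
    // Treat "\" as a separator as well, then keep only the last path component.
    $name = basename(str_replace('\\', '/', $embeddedName));
    if ($name === '' || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('no usable file name part');
    }
    $target = $base . DIRECTORY_SEPARATOR . $name;
    // Check the final path: an existing symlink of that name could still
    // redirect the write to a location outside the base directory.
    if (is_link($target)) {
        throw new RuntimeException("refusing to write through symlink $name");
    }
    return $target;
}

// Constructed demo: a temp directory stands in for data/editorOkapiBconf/.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'editorOkapiBconf-demo-' . getmypid();
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
// Constructed sample names as they might appear inside an uploaded bconf.
$samples = ['languages.srx', '../../outside/rules.srx', '..\\..\\rules.srx',
            '/tmp/elsewhere/rules.srx', '..', ''];
foreach ($samples as $embedded) {
    try {
        printf("%-28s -> %s\n", var_export($embedded, true), safeBconfTarget($dir, $embedded));
    } catch (InvalidArgumentException | RuntimeException $e) {
        printf("%-28s -> rejected: %s\n", var_export($embedded, true), $e->getMessage());
    }
}
rmdir($dir);
```

Names carrying directory parts are flattened to their last component inside the base directory, while `..` and the empty name are rejected outright.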

          People

            axelbecher Axel Becher
            tlauria Thomas Lauria