• Critical
    • NONE: Issue was already solved as side-effect of implementing BCONF-Management Milestone 2

      problem

      An uploaded bconf file could be modified in such a way that the contained SRX files are written not to data/editorOkapiBconf/ but somewhere outside of it.

      solution

      Check the final path of the created file and restrict the save location accordingly. And/or use basename to get just the filename part of the file and use that.
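
The two measures named in the solution, as an added Python example that is not the project's own code: the directory comes from the ticket, the function names are hypothetical, and the sample names are constructed.

```python
import ntpath
import os

BASE_DIR = "data/editorOkapiBconf"  # directory named in the ticket

class UnsafeEmbeddedName(ValueError):
    """The embedded file name cannot be stored safely."""

def safe_filename(embedded_name):
    """Keep only the filename part (the ticket's basename option)."""
    # ntpath treats both "/" and "\" as separators and drops drive prefixes,
    # so Windows-style names are reduced correctly on a POSIX host too.
    name = ntpath.basename(embedded_name)
    if name in ("", ".", "..") or "\x00" in name:
        raise UnsafeEmbeddedName(repr(embedded_name))
    return name

def resolve_inside(base_dir, relative_name):
    """Check the final path and refuse anything outside base_dir."""
    if "\x00" in relative_name:
        raise UnsafeEmbeddedName(repr(relative_name))
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    target = os.path.realpath(os.path.join(base, relative_name))
    # commonpath compares whole components, so a sibling directory such as
    # "editorOkapiBconfEvil" does not pass as a string prefix would.
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafeEmbeddedName(repr(relative_name))
    return target

def store_path(embedded_name, base_dir=BASE_DIR):
    """Both measures together: reduce to a filename, then verify the result."""
    return resolve_inside(base_dir, safe_filename(embedded_name))

def audit(names, base_dir=BASE_DIR):
    """Map each embedded name to its save path, or None when rejected."""
    result = {}
    for name in names:
        try:
            result[name] = store_path(name, base_dir)
        except UnsafeEmbeddedName:
            result[name] = None
    return result

if __name__ == "__main__":
    # Constructed sample names, as they might appear inside an uploaded bconf.
    sample = ["languages.srx", "../../../tmp/x.srx", "..\\..\\y.srx", ".."]
    for name, path in audit(sample).items():
        print(repr(name), "->", path)
```

Using `store_path` applies both checks: the basename step neutralises traversal sequences in the name, and the resolved-path check still catches a symlink already present in the target directory.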

          [TRANSLATE-3021] Path traversal on bconf parsing (4.2)

          Axel Becher added a comment -

          Issue was already solved as side-effect of implementing  BCONF-Management Milestone 2

          Axel Becher added a comment -

          The issue was already solved at the time it was created...

            axelbecher Axel Becher
            tlauria Thomas Lauria