Message 64360

Author
ced
Date
2021-02-08.10:20:48
Message id
64360

Content

From https://discuss.tryton.org/t/uwsgi-is-vulnerable-to-a-directory-traversal-problem-on-2-0-19-1/3780.
Our override of SharedDataMiddleware.get_directory_loader did include the usage of safe_join. So it is possible to escape the root directory.
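
An added example, not part of the original message and not Tryton's or Werkzeug's code: a hypothetical directory loader built once on a plain join and once on a containment check standing in for safe_join, run against a constructed temporary tree. The names unsafe_resolve, safe_resolve, make_loader and demo, and the file names, are assumptions made for illustration.

```python
import os
import tempfile

def unsafe_resolve(root, request_path):
    # Plain join: ".." segments and absolute paths are honoured as given.
    return os.path.normpath(os.path.join(root, request_path))

def safe_resolve(root, request_path):
    # Stand-in for a safe_join-style check (assumption, not Werkzeug's code):
    # return the resolved path only if it stays under root, else None.
    if "\0" in request_path:
        return None
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, request_path))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def make_loader(root, resolve):
    # Hypothetical directory loader: request path -> file bytes, or None.
    def loader(request_path):
        path = resolve(root, request_path)
        if path is None or not os.path.isfile(path):
            return None
        with open(path, "rb") as handle:
            return handle.read()
    return loader

def demo():
    # Constructed tree: <base>/static/index.html is meant to be served,
    # <base>/outside.txt is not.
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "static")
        os.mkdir(root)
        with open(os.path.join(root, "index.html"), "wb") as handle:
            handle.write(b"public")
        with open(os.path.join(base, "outside.txt"), "wb") as handle:
            handle.write(b"private")
        unsafe = make_loader(root, unsafe_resolve)
        safe = make_loader(root, safe_resolve)
        return {
            "unsafe_inside": unsafe("index.html"),
            "unsafe_outside": unsafe("../outside.txt"),
            "safe_inside": safe("index.html"),
            "safe_outside": safe("../outside.txt"),
        }

if __name__ == "__main__":
    print(demo())
```

Because safe_resolve compares resolved real paths, it also rejects a symlink inside the root that points outside it.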

History
Date                 User  Action  Args
2021-02-08 10:20:49  ced   set     recipients: + bch, yangoon, nicoe, sharkcz, pokoli, roundup-bot, reviewbot
2021-02-08 10:20:48  ced   set     messageid: <1612776048.7931623.PTFIM5BE4QKVRCLB.issue10068@tryton.org>
2021-02-08 10:20:48  ced   link    issue10068 messages
2021-02-08 10:20:48  ced   create
