From https://discuss.tryton.org/t/uwsgi-is-vulnerable-to-a-directory-traversal-problem-on-2-0-19-1/3780.
Our override of SharedDataMiddleware.get_directory_loader did include the usage of <code>safe_join</code>. So it is possible to escape the root directory.
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2021-02-08 10:20:49 | ced | set | recipients: + bch, yangoon, nicoe, sharkcz, pokoli, roundup-bot, reviewbot |
| 2021-02-08 10:20:48 | ced | set | messageid: <1612776048.7931623.PTFIM5BE4QKVRCLB.issue10068@tryton.org> |
| 2021-02-08 10:20:48 | ced | link | issue10068 messages |
| 2021-02-08 10:20:48 | ced | create | |
Showing 10 items. Show all history (warning: this could be VERY long)