From https://discuss.tryton.org/t/uwsgi-is-vulnerable-to-a-directory-traversal-problem-on-2-0-19-1/3780.
Our override of `SharedDataMiddleware.get_directory_loader` did include the usage of `safe_join`. So it is possible to escape the root directory.
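
To make the risk described in this report concrete, the sketch below (an added example, not Tryton's or Werkzeug's code) resolves a few constructed request paths with a plain join and with a containment check. The function names and file names are hypothetical, POSIX paths are assumed, and `contained_resolve` is a standard-library stand-in for the kind of check `safe_join` provides.

```python
import os
import posixpath
import tempfile


def unsafe_resolve(root, request_path):
    # No containment check: ".." segments and absolute paths pass through.
    return os.path.normpath(os.path.join(root, request_path))


def contained_resolve(root, request_path):
    """Return a path under root, or None when the request would leave it.

    Assumption: a standard-library stand-in for the kind of check safe_join
    provides; it is not Werkzeug's implementation.
    """
    if "\0" in request_path or "\\" in request_path:
        return None
    normalized = posixpath.normpath(request_path)
    if normalized.startswith("/") or normalized == ".." or normalized.startswith("../"):
        return None
    root_real = os.path.realpath(root)
    # realpath also resolves symlinks that point outside the root.
    candidate = os.path.realpath(os.path.join(root_real, normalized))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def is_inside(root, path):
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) == root_real


def demo():
    """Map each constructed request path to (unsafe stays inside, contained allows)."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "static")
        os.makedirs(os.path.join(root, "img"))
        outside = os.path.join(base, "secret.txt")  # constructed file outside root
        open(outside, "w").close()
        requests = ["index.html", "../secret.txt", "img/../../secret.txt", outside]
        labels = ["index.html", "../secret.txt", "img/../../secret.txt", "<absolute>"]
        return {
            label: (is_inside(root, unsafe_resolve(root, req)),
                    contained_resolve(root, req) is not None)
            for label, req in zip(labels, requests)
        }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

A regression test for a static-file loader can assert the same thing: every path the loader returns must resolve to a location under the configured root.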
History

Date | User | Action | Args |
---|---|---|---|
2021-02-08 10:20:49 | ced | set | recipients: + bch, yangoon, nicoe, sharkcz, pokoli, roundup-bot, reviewbot |
2021-02-08 10:20:48 | ced | set | messageid: <1612776048.7931623.PTFIM5BE4QKVRCLB.issue10068@tryton.org> |
2021-02-08 10:20:48 | ced | link | issue10068 messages |
2021-02-08 10:20:48 | ced | create |