  1. Automation Analytics
  2. AA-1497

Check tarball paths for ".."

    • Resolution: Done
    • api

      When extracting tarballs we should check for ".." in the paths prior to extraction.

      A malicious customer could potentially provide a file/path that overwrites a file in /app such as a file that prints out critical information to a /endpoint.

      CVE-2007-4559 python:
      https://issues.redhat.com/browse/AA-1433
      https://bugzilla.redhat.com/show_bug.cgi?id=263261

              daoneill@redhat.com David O Neill