Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-41984

[SNYK] Unsanitized input from file name flows into os.Open

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.14.z, 4.15.z, 4.17.z, 4.16.z, 4.18.0
    • HyperShift
    • None
    • False
    • Hide

      None

      Show
      None

      Error from snyk code test command:

       ✗ [Medium] Path Traversal
         Path: ignition-server/controllers/local_ignitionprovider.go, line 487
         Info: Unsanitized input from file name flows into os.Open, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to open arbitrary files.
      
       ✗ [Medium] Path Traversal
         Path: ignition-server/controllers/local_ignitionprovider.go, line 693
         Info: Unsanitized input from file name flows into os.Open, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to open arbitrary files.

              jparrill@redhat.com Juan Manuel Parrilla Madrid
              jparrill@redhat.com Juan Manuel Parrilla Madrid
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: