gitlab-org--gitlab-foss

kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss

History

Stan Hu a12d25d8a5 Validate Wiki attachments are valid temporary files A malicious attacker could craft a request to read arbitrary files on the system. This change adds a Grape validation to ensure that the tempfile parameter delivered by the Rack multipart uploader is a Tempfile type to prevent users from being able to specify arbitrary filenames. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53072	2018-10-23 20:47:38 -07:00
..
types	Validate Wiki attachments are valid temporary files	2018-10-23 20:47:38 -07:00

Stan Hu a12d25d8a5 Validate Wiki attachments are valid temporary files

A malicious attacker could craft a request to read arbitrary files on
the system. This change adds a Grape validation to ensure that the
tempfile parameter delivered by the Rack multipart uploader is a
Tempfile type to prevent users from being able to specify arbitrary
filenames.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53072

2018-10-23 20:47:38 -07:00

types

Validate Wiki attachments are valid temporary files

2018-10-23 20:47:38 -07:00