gitlab-org--gitlab-foss/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml
Stan Hu a12d25d8a5 Validate Wiki attachments are valid temporary files
A malicious attacker could craft a request to read arbitrary files on
the system. This change adds a Grape validation to ensure that the
tempfile parameter delivered by the Rack multipart uploader is a
Tempfile type to prevent users from being able to specify arbitrary
filenames.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53072
2018-10-23 20:47:38 -07:00

5 lines
101 B
YAML

---
title: Validate Wiki attachments are valid temporary files
merge_request:
author:
type: security
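
The check described in the commit message, sketched in plain Ruby as an added example. It is not GitLab's code; the actual change is a Grape validation. `InvalidUpload`, `safe_tempfile`, `read_attachment` and the sample inputs are hypothetical names and constructed values.

```ruby
require 'tempfile'
require 'stringio'

# Added illustration, not GitLab's code. All names here are hypothetical.
class InvalidUpload < StandardError; end

# Return the upload's tempfile only if it is a Tempfile object, which is what
# the Rack multipart parser creates server-side. Anything else (a String
# path, a StringIO, nil) did not come from the uploader and is rejected
# before any file access happens.
def safe_tempfile(upload)
  raise InvalidUpload, 'file must be a multipart upload hash' unless upload.is_a?(Hash)

  tempfile = upload[:tempfile] || upload['tempfile']
  raise InvalidUpload, "tempfile must be a Tempfile, got #{tempfile.class}" unless tempfile.is_a?(Tempfile)

  tempfile
end

# Hypothetical handler: reads the attachment bytes only after validation.
def read_attachment(params)
  file = safe_tempfile(params[:file])
  file.rewind
  file.read
end

# Constructed sample inputs; the String path is a placeholder and is never opened.
def demo
  real = Tempfile.new('wiki-attachment')
  real.write('attachment bytes')
  real.flush
  samples = {
    genuine:   { file: { filename: 'a.txt', tempfile: real } },
    string:    { file: { filename: 'a.txt', tempfile: '/constructed/placeholder/path' } },
    string_io: { file: { filename: 'a.txt', tempfile: StringIO.new('x') } },
    missing:   { file: { filename: 'a.txt' } },
    not_hash:  { file: 'a.txt' }
  }
  samples.transform_values do |params|
    read_attachment(params)
  rescue InvalidUpload => e
    "rejected: #{e.message}"
  end
ensure
  real&.close!
end

demo.each { |name, outcome| puts "#{name}: #{outcome}" } if $PROGRAM_NAME == __FILE__
```

The type check runs before `rewind` or `read`, so a rejected value is never used as a path or an IO object.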