a12d25d8a5
A malicious attacker could craft a request to read arbitrary files on the system. This change adds a Grape validation to ensure that the tempfile parameter delivered by the Rack multipart uploader is a Tempfile type to prevent users from being able to specify arbitrary filenames. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53072
5 lines
101 B
YAML
---
title: Validate Wiki attachments are valid temporary files
merge_request:
author:
type: security
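The kind of type check the commit message describes, as an added plain-Ruby example; it is not GitLab's code or the Grape validator from this commit. The method names, the `InvalidUpload` class and the sample parameter hashes are hypothetical and constructed for illustration.

```ruby
require "tempfile"

# Hypothetical names throughout; not GitLab's or Grape's code.
class InvalidUpload < StandardError; end

# Before: trusts whatever sits under :tempfile. If a client can make that
# value a String, the server opens a path the client chose.
def read_attachment_unchecked(file_param)
  File.read(file_param[:tempfile])
end

# After: accept the parameter only when :tempfile is a Tempfile object,
# i.e. something the multipart parser created on the server side.
def validate_upload!(file_param)
  raise InvalidUpload, "file must be a multipart upload" unless file_param.is_a?(Hash)
  tempfile = file_param[:tempfile]
  raise InvalidUpload, "tempfile must be a Tempfile" unless tempfile.is_a?(Tempfile)
  raise InvalidUpload, "filename is missing" if file_param[:filename].to_s.empty?
  tempfile
end

def read_attachment(file_param)
  tempfile = validate_upload!(file_param)
  tempfile.rewind
  tempfile.read
end

# Runs both versions over constructed inputs and returns what each one did.
def demo
  secret = Tempfile.new("server-side-file") # stands in for any file on the host
  secret.write("not for clients")
  secret.flush
  upload = Tempfile.new("RackMultipart")    # what a real multipart upload yields
  upload.write("wiki image bytes")
  upload.flush

  genuine = { filename: "logo.png", type: "image/png", tempfile: upload }
  forged  = { filename: "logo.png", type: "image/png", tempfile: secret.path }

  rejected = begin
    read_attachment(forged)
  rescue InvalidUpload => e
    "rejected: #{e.message}"
  end
  { unchecked_forged: read_attachment_unchecked(forged),
    checked_genuine: read_attachment(genuine),
    checked_forged: rejected }
ensure
  [secret, upload].each { |f| f&.close! }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```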