Question/Security - Execution of upload files. #1098

Open
Hexife opened this Issue Nov 11, 2018 · 1 comment


Hexife commented Nov 11, 2018

Hello,

I have a question about the management of uploaded files in your application.

Is it intended behavior that uploaded files are executable?

I checked that Codiad does not have mitigations for execution of uploaded files.

Even though the upload feature needs administrator credentials, execution of uploaded files is still dangerous.

I think it needs mitigations like compressing/encoding uploaded files or hiding the upload path.
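
Added example, not part of the issue and not Codiad's code: one way a PHP application can apply the mitigations suggested above, keeping the upload path hidden and returning stored files only as inert bytes. `UPLOAD_DIR`, `store_upload` and `send_upload` are hypothetical names, and the directory is assumed to lie outside the web server's document root.

```php
<?php
declare(strict_types=1);

// Assumption: this directory is outside the document root, so no URL maps to it.
const UPLOAD_DIR = '/var/lib/app-uploads';

// Store an upload under a random, extension-less name so the web server
// never passes it to the PHP interpreter. Returns the opaque ID that the
// application records next to the original file name.
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $id = bin2hex(random_bytes(16));      // uploader has no control over the stored name
    $dest = UPLOAD_DIR . '/' . $id;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640);                   // readable by the application, no execute bit
    return $id;
}

// Send a stored file back as a download, never as a page or script.
function send_upload(string $id, string $originalName): void
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id)) {   // rejects path traversal in the ID
        http_response_code(400);
        return;
    }
    $path = UPLOAD_DIR . '/' . $id;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    // Keep only harmless characters in the name shown to the browser.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($originalName));
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```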

@Hexife Hexife changed the title from Security - Execution of upload files. to Question/Security - Execution of upload files. Nov 11, 2018


Hexife commented Nov 22, 2018

I requested a CVE for this vulnerability: CVE-2018-19423.
