This repository was archived by the owner on Sep 8, 2023. It is now read-only.
Question/Security - Execution of upload files. #1098
Open
Hello,
I have a question about the management of uploaded files in your application.
Is it intended behavior that uploaded files are executable?
I checked that Codiad does not have mitigations for execution of uploaded files.
Even though the uploading feature needs administrator credentials, execution of uploaded files is still dangerous.
I think it needs mitigations like compressing/encoding uploaded files or hiding the upload path.