Skip to content

Flash Security Risk #794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gitblit opened this issue Aug 12, 2015 · 2 comments
Closed

Flash Security Risk #794

gitblit opened this issue Aug 12, 2015 · 2 comments
Assignees
@gitblit
Labels
🐱 Defect Priority-Medium Status-Done
Milestone
1.6.1

Comments

@gitblit
Copy link
Collaborator

gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 498

Description:
    allowScriptAccess=”always” for a flash object is dangereous because it can allow a
cross domain privilege escalation or script injection.
Expected Output:
    The value of the flash object's allowScriptAccess attribute should be sameDomain.
Environment:
    Gitblit Version 1.6.0 running on rhel 6 / tomcat 7 / apache httpd 2.2 with proxy ajp

Reported by 1988porsche944 on 2014-09-05 13:46:37
@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015 

https://dev.gitblit.com/tickets/gitblit.git/165
Fix pushed to master & develop.

Reported by James.Moger on 2014-09-05 19:06:06

  • Status changed: Queued
  • Labels added: Milestone-1.6.1

@gitblit gitblit self-assigned this Aug 12, 2015
@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015 

v1.6.1 released

Reported by James.Moger on 2014-10-20 21:36:03

  • Status changed: Done

@gitblit gitblit closed this as completed Aug 12, 2015
@flaix flaix modified the milestone: 1.6.1 Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gitblit gitblit

Labels
🐱 Defect Priority-Medium Status-Done
Projects
None yet
Milestone
1.6.1
Development

No branches or pull requests
2 participants
@gitblit @flaix