Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

eventapp: Use array to pass arguments #5

Merged
merged 1 commit into from Oct 30, 2015

Conversation

Projects
None yet
1 participant
@sorah
Copy link
Member

sorah commented Oct 30, 2015

ISUCON 5 qualifier eventapp could allow OS command injection by sending crafted HTTP requests.

This application isn't expected to run continuously and public, we think this vulnerability's impact is low. But we strongly recommend you to upgrade the eventapp to latest.

This vulnerability is tracked at CVE-2015-5673.

Affected versions

Fixed versions

References

Credit

This vulnerability is reported from Shoji Baba via IPA and JPCERT/CC.

sorah added a commit that referenced this pull request Oct 30, 2015

Merge pull request #5 from sorah/osci
eventapp: Use array to pass arguments

@sorah sorah merged commit 150e3e6 into isucon:master Oct 30, 2015

@sorah sorah deleted the sorah:osci branch Oct 30, 2015

sorah added a commit that referenced this pull request Oct 30, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.