New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Path security vulnerability #114

Closed
vti opened this Issue Apr 15, 2011 · 4 comments

Comments

Projects
None yet
3 participants
@vti
Contributor

vti commented Apr 15, 2011

Please, fix this. So people won't worry about their files.

http://YOURSERVER/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

@benvanstaveren

This comment has been minimized.

Show comment
Hide comment
@benvanstaveren

benvanstaveren Apr 15, 2011

Fixed it in my fork, pull request has been sent.

Fixed it in my fork, pull request has been sent.

@kraih

This comment has been minimized.

Show comment
Hide comment
@kraih

kraih Apr 15, 2011

Owner

The issue is fixed and an emergency release on the way, but the way you handled the disclosure is absolutely irresponsible.

Owner

kraih commented Apr 15, 2011

The issue is fixed and an emergency release on the way, but the way you handled the disclosure is absolutely irresponsible.

@kraih kraih closed this Apr 15, 2011

@vti

This comment has been minimized.

Show comment
Hide comment
@vti

vti Apr 15, 2011

Contributor

I agree, sorry about that.

Contributor

vti commented Apr 15, 2011

I agree, sorry about that.

@kraih

This comment has been minimized.

Show comment
Hide comment
@kraih

kraih Apr 15, 2011

Owner

Apology accepted, i've also removed your name from the blog post.
Please use private github messages instead of twitter for reporting security vulnerabilities in the future.

Owner

kraih commented Apr 15, 2011

Apology accepted, i've also removed your name from the blog post.
Please use private github messages instead of twitter for reporting security vulnerabilities in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment