Skip to content
This repository has been archived by the owner on Sep 6, 2021. It is now read-only.

Security: Fixed policy injection issue #88

Merged
merged 1 commit into from
Feb 17, 2014
Merged

Security: Fixed policy injection issue #88

merged 1 commit into from
Feb 17, 2014

Conversation

mveytsman
Copy link

The JSON policy file to be signed by the users AWS credentials was being
generated as a string and included user controlled data. This could
allow an attacker to inject into the JSON and modify the ACL.

The JSON hash is now being generated from a Ruby hash in order to
prevent injection attacks.

@mveytsman
Security: Fixed policy injection issue
1df00db 
The JSON policy file to be signed by the users AWS credentials was being
generated as a string and included user controlled data. This could
allow an attacker to inject into the JSON and modify the ACL.

The JSON hash is now being generated from a Ruby hash in order to
prevent injection attacks.
nathancolgate added a commit that referenced this pull request Feb 17, 2014
@nathancolgate
Merge pull request #88 from mveytsman/master
ef2016b 
Security: Fixed policy injection issue
@nathancolgate nathancolgate merged commit ef2016b into nathancolgate:master Feb 17, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mveytsman @nathancolgate