
fixed vulnerabilities identified by red4sec.com #4521

Merged
merged 1 commit into from Oct 30, 2018

Conversation

ktsaou
Member

@ktsaou ktsaou commented Oct 30, 2018

Summary

I received an email from Red4Sec.com that identified 4 security issues on the netdata web server:

  1. HTTP header injection (make the web server return a specific HTTP header)
  2. LOG injection (make the web server log a line in its logs)
  3. JSON injection (make the web server return a JSON response)
  4. Full Path Disclosure

This PR fixes the first 3 of them.

The 4th one is intentional.

Component Name

core/webserver

Additional Information

@ktsaou ktsaou merged commit 92327c9 into netdata:master Oct 30, 2018
@ktsaou ktsaou deleted the red4sec branch October 30, 2018 00:36
gmosx pushed a commit to gmosx/netdata that referenced this pull request Nov 8, 2018
Kiku-Reise pushed a commit to Kiku-Reise/netdata that referenced this pull request Mar 4, 2019
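Added example, not part of this pull request and not netdata's code: the three fixed issue classes share one cause, request-controlled bytes copied verbatim into a header, a log line or a JSON string, so this sketch encodes a value for each output context. The names `encode_untrusted`, `encoded` and `out_ctx` and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Output contexts matching the three injection classes in the summary. */
enum out_ctx { CTX_HEADER, CTX_LOG, CTX_JSON };

/* Copy request-controlled src into dst so it cannot break out of ctx.
 * Returns bytes written (without the NUL), or -1 if dst is too small. */
static int encode_untrusted(char *dst, size_t dstlen, const char *src, enum out_ctx ctx) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char tmp[8];
        size_t n = 1;
        tmp[0] = (char)*p;
        if (*p < 0x20 || *p == 0x7f) {
            /* CR, LF and other control bytes would end a header or log line. */
            if (ctx == CTX_HEADER)
                tmp[0] = ' ';
            else if (ctx == CTX_LOG)
                n = (size_t)snprintf(tmp, sizeof tmp, "\\x%02x", (unsigned)*p);
            else
                n = (size_t)snprintf(tmp, sizeof tmp, "\\u%04x", (unsigned)*p);
        } else if ((ctx != CTX_HEADER && *p == '\\') || (ctx == CTX_JSON && *p == '"')) {
            /* Escape the escape character itself, and the JSON string delimiter. */
            tmp[0] = '\\'; tmp[1] = (char)*p; n = 2;
        }
        if (o + n >= dstlen) return -1;   /* refuse to truncate silently */
        memcpy(dst + o, tmp, n);
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Demo wrapper (hypothetical): returns a static buffer, or NULL on overflow. */
static const char *encoded(const char *src, enum out_ctx ctx) {
    static char buf[256];
    return encode_untrusted(buf, sizeof buf, src, ctx) < 0 ? NULL : buf;
}

int main(void) {
    /* Constructed sample input: a value carrying CR LF, a quote and a backslash. */
    const char *in = "x\r\nX-Injected: 1\"\\";
    printf("header: %s\n", encoded(in, CTX_HEADER));
    printf("log:    %s\n", encoded(in, CTX_LOG));
    printf("json:   \"%s\"\n", encoded(in, CTX_JSON));
    return 0;
}
```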