You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the IDs in the TemporaryStorageProvider are completely predictable, i.e. increment by 1, starting from 1.
Thus a malicious app is able to read/access temporary files by just trying IDs starting from 1
It'd probably be better to have a random UUID as the key to access files in the temporary storage provider.
Sorry, no PR due to my offline setup, but here's a patch file:
Currently the IDs in the TemporaryStorageProvider are completely predictable, i.e. increment by 1, starting from 1.
Thus a malicious app is able to read/access temporary files by just trying IDs starting from 1
It'd probably be better to have a random UUID as the key to access files in the temporary storage provider.
Sorry, no PR due to my offline setup, but here's a patch file:
The text was updated successfully, but these errors were encountered: