possible vulnerability #3078

Al1-X · 2024-06-21T12:48:21Z

🔍 Have you checked Spicetify.app page for your issue?

I have checked the FAQ

🔍 Is there already an issue for your problem?

I have checked older issues, open and closed

ℹ Environment / Computer Info

Spotify for Windows (64 bit)
1.2.39.578.g0ea3f38b
Spicetify v2.36.13

📝 Description

Hello! I would like to point out a possible vulnerability issue. It is located at cli/src/utils/utils.go:74. The function io.Copy() does not limit the number of bytes that are read. This may lead, in certain cases, to uncontrolled memory and disk usage. If you agree that this is a problem, I suggest using io.CopyN().
Thank you!

https://pkg.go.dev/io#CopyN

📸 Screenshots

rxri · 2024-06-21T14:16:49Z

And how’s that a vulnerability if whatever is copied is hard-coded or typed into the config. Lol. Not everything is vulnerable if you use it in the way that doesn’t make it such

Al1-X added the 🐛 bug Something isn't working label Jun 21, 2024

rxri closed this as not planned Won't fix, can't repro, duplicate, stale Jun 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

possible vulnerability #3078

possible vulnerability #3078

Al1-X commented Jun 21, 2024

rxri commented Jun 21, 2024 •

edited

Loading

possible vulnerability #3078

possible vulnerability #3078

Comments

Al1-X commented Jun 21, 2024

🔍 Have you checked Spicetify.app page for your issue?

🔍 Is there already an issue for your problem?

ℹ Environment / Computer Info

📝 Description

📸 Screenshots

rxri commented Jun 21, 2024 • edited Loading

rxri commented Jun 21, 2024 •

edited

Loading