Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closure injection has a vulnerability #8

Closed
sroehrl opened this issue Oct 21, 2021 · 0 comments · Fixed by #9
Closed

Closure injection has a vulnerability #8

sroehrl opened this issue Oct 21, 2021 · 0 comments · Fixed by #9
Labels
bug Something isn't working

Comments

@sroehrl
Copy link
Owner

sroehrl commented Oct 21, 2021

In the template evaluation, closures are evaluated based on whether a value is callable within the current scope.
In theory, one could create a multi-step attack by storing particular values into the database that are known to be eventually rendered by the template engine. would the value of such a key happen to be a callable, one could execute global or local functions & methods. While it is unclear how one could use this to exploit neoan3, this constitutes a security concern.

@sroehrl sroehrl added the bug Something isn't working label Oct 21, 2021
@sroehrl sroehrl linked a pull request Oct 21, 2021 that will close this issue
sroehrl added a commit that referenced this issue Oct 21, 2021
SECURITY: allowing for direct injection (Issue #8)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant