DefensePointSecurity / threat_note

DPS' Lightweight Investigation Notebook
Apache License 2.0

Threat Actor Names with "/" In Name #164

Closed vac4n7 closed 7 years ago

vac4n7 commented 8 years ago

If you create a threat actor with a "/" in the name, the links to add relationships, edit, or delete don't work because the "/" is passed literally in the links causing a 404. The web server interprets the "/" as designating a directory traversal instead of being part of the object name.

Recommend sanitizing input and output for Threat Actor object names.

Thanks for a great project!

k3vb0t commented 8 years ago

Sorry, regarding the previous "can't replicate" comment: I can replicate.

k3vb0t commented 8 years ago

This should be an easy encoding change, I'll look into it in the next couple days or so (read: weekend :) )

k3vb0t commented 8 years ago

I fixed this in https://github.com/defpoint/threat_note/pull/165
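The failure and the encoding fix discussed in this thread, as an added example that is not part of the issue, the project's code, or the linked pull request. The route shape `/actors/<name>/<action>`, the function names, and the sample names are assumptions made for illustration.

```python
import html
from urllib.parse import quote, unquote

# Hypothetical route shape (assumption): /actors/<name>/<action>
ACTIONS = {"edit", "delete", "relationships"}

def build_link(name, action, encode=True):
    """Build an object link; encode=False reproduces the reported bug."""
    # safe="" makes quote() encode "/" too (its default leaves "/" alone).
    segment = quote(name, safe="") if encode else name
    return f"/actors/{segment}/{action}"

def _match(path, decode_segments):
    parts = path.split("/")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "actors":
        return None  # wrong number of segments: the 404 case
    name = unquote(parts[2]) if decode_segments else parts[2]
    if not name or parts[3] not in ACTIONS:
        return None
    return name, parts[3]

def route_raw(raw_path):
    """Split on "/" first, then decode each segment: %2F stays in the name."""
    return _match(raw_path, decode_segments=True)

def route_decoded_first(raw_path):
    """Decode the whole path before routing: %2F turns back into a separator."""
    return _match(unquote(raw_path), decode_segments=False)

def render_anchor(name, action):
    """Output side: URL-encode for the href, HTML-escape for the link text."""
    href = html.escape(build_link(name, action), quote=True)
    return f'<a href="{href}">{html.escape(name)}</a>'

if __name__ == "__main__":
    name = "Group A/B"  # constructed sample name
    for encode in (False, True):
        link = build_link(name, "edit", encode=encode)
        print(link, "->", route_raw(link), "| decoded first:",
              route_decoded_first(link))
    print(render_anchor("<b>/x", "delete"))
```

Where the server decodes the path before the application routes it, encoding alone does not fix the 404; keying the links on an opaque object ID instead of the name avoids the problem entirely.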