Closed LucaCinquini closed 7 years ago
Who: NOAA security scan
The third-party filebrowser software that is used in CoG is susceptible to file path manipulation attacks in its open() and save() methods.
Those methods have been wrapped in a "validate_path()" method that checks for the presence of the infamous "." character.
Verified by code review.
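A containment check of the kind a path-validating wrapper around open() and save() can perform, as an added example that is not CoG's or filebrowser's own code: the function body, the root directory layout and the sample paths are assumptions constructed for illustration. It canonicalises the joined path and compares whole path components against the allowed root instead of matching on a character, so dotted filenames are still accepted.

```python
import os
import tempfile


class PathValidationError(ValueError):
    """Raised when a requested path resolves outside the permitted root."""


def validate_path(root, user_path):
    """Return the canonical path for user_path, or raise if it leaves root.

    Hypothetical body: only the name comes from the issue text above.
    """
    if "\x00" in user_path:
        raise PathValidationError("NUL byte in path")
    root_real = os.path.realpath(root)
    # Join first, then canonicalise: collapses ".." and resolves symlinks.
    # An absolute user_path replaces the root in join() and is caught below.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    # commonpath compares whole components, so <root>2 is not inside <root>.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathValidationError("path escapes root: %r" % user_path)
    return candidate


def demo():
    """Validate constructed sample paths; return {path: accepted?}."""
    samples = [
        "docs/report.v2.txt",   # legitimate name containing dots
        "docs/../docs/a.txt",   # dot segments that stay inside the root
        "../media2/x.txt",      # sibling directory sharing the root's prefix
        "/etc/hosts",           # absolute path
        "link/outside.txt",     # symlink that points outside the root
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "media")
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(os.path.join(tmp, "media2"))
        os.symlink(tmp, os.path.join(root, "link"))
        for sample in samples:
            try:
                validate_path(root, sample)
                results[sample] = True
            except PathValidationError:
                results[sample] = False
    return results
```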