Open GoogleCodeExporter opened 9 years ago
Sorry, I forgot to mention why this is a significant defect, in that this is a
security risk to allow directory walking through the username field to allow
execution or reading of arbitrary files in the operating system that may result
in unexpected code execution or denial of service. Especially if the scratch
code reading is designed where it may be necessary to write to a file to update
the fact a code has been used. This may inadvertently allow people to corrupt
files elsewhere in the file system by specifying a file elsewhere.
Original comment by James.Ha...@gmail.com
on 10 Oct 2013 at 4:48
Original issue reported on code.google.com by
James.Ha...@gmail.com
on 10 Oct 2013 at 4:43