abhishek-ram / django-pyas2

AS2 file transfer Server built on Python and Django.
https://django-pyas2.readthedocs.io
GNU General Public License v3.0

Unprotected download view endpoint leaks information #24

Closed loop0 closed 4 years ago

loop0 commented 4 years ago

The download view endpoint is currently unprotected and can easily leak information as the ids are serial integers.

I have an open PR with a fix: https://github.com/abhishek-ram/django-pyas2/pull/23

loop0 commented 4 years ago

I'm closing this as they were fixed on #23