Closed 7FM closed 1 year ago
Let's implement the rce fix first and then have a look into the other pr.
Thank you very much for that fix!
Let's implement the rce fix first and then have a look into the other pr.
Done, it is based on master now :)
I trust your tests since I cannot test
(The PR is currently based on https://github.com/diyhue/diyHue/pull/887, but I could rebase it to master in case https://github.com/diyhue/diyHue/pull/887 won't be merged.)
Small PoC:
Security Code
field:"; >&2 echo "PWNED" ; false && "
A vulnerable host will produce approximately the following logs:
Note the last line! The echo command got executed. Here is the log of a patched host: