django / django-contrib-comments

BSD 3-Clause "New" or "Revised" License
614 stars 196 forks

Insufficient `content-type` validation in `post_comment` #185

Closed minusf closed 2 years ago

minusf commented 2 years ago

Non-existing models are not handled. From a recent security scan against our site:

```
Exception Type: LookupError at /c/post/
Exception Value: App 'wagtailcore' doesn't have a 'page' AND 1='1/*' model.
```

`apps.get_model` returns `LookupError` for non-existing models. This is not handled in the code.

minusf commented 2 years ago

Ah, this was actually fixed in 4da9d1f. Sorry for the noise!
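An added example, not django-contrib-comments' own code, of the check the report is about: reject a malformed `content_type` before touching the registry, and turn the `LookupError` that `apps.get_model` raises for an unknown model into a 400 instead of an unhandled 500. Django is not imported; `FakeApps`, `Page` and `REGISTRY` are constructed stand-ins for `django.apps.apps`, and the identifier pattern is an assumption about valid app labels and model names.

```python
import re

# Assumption: app labels and model names are plain identifiers, so a value like
# "wagtailcore.page' AND 1='1/*" (the scanner input from the report) can be
# rejected up front without consulting the registry at all.
_CONTENT_TYPE_RE = re.compile(r"^[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*$", re.IGNORECASE)


class Page:
    """Constructed placeholder for a registered model class."""


class FakeApps:
    """Constructed stand-in for django.apps.apps with get_model's LookupError contract."""

    def __init__(self, models):
        self._models = {key.lower(): model for key, model in models.items()}

    def get_model(self, app_label, model_name):
        key = f"{app_label}.{model_name}".lower()
        if key not in self._models:
            raise LookupError(f"App '{app_label}' doesn't have a '{model_name}' model.")
        return self._models[key]


# Constructed registry: only wagtailcore.page exists.
REGISTRY = FakeApps({"wagtailcore.page": Page})


def resolve_target(apps, ctype):
    """Return (model, None) on success or (None, error) on bad input.

    The LookupError path is the one the issue reports as unhandled."""
    if not isinstance(ctype, str) or not _CONTENT_TYPE_RE.match(ctype):
        return None, "Missing or malformed content_type"
    app_label, model_name = ctype.split(".", 1)
    try:
        return apps.get_model(app_label, model_name), None
    except LookupError:
        return None, f"Invalid content_type value: {ctype!r}"


def post_comment(apps, data):
    """Sketch of the view's early validation: every bad input becomes a 400."""
    model, err = resolve_target(apps, data.get("content_type"))
    if err:
        return 400, err
    return 200, f"would fetch {model.__name__} pk={data.get('object_pk')}"
```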