search

nicolas2k / google-glass-api

Automatically exported from code.google.com/p/google-glass-api
1 stars 0 forks source link

An vulnerability that crashes one's Timeline repeatly #391

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?

POST /mirror/v1/timeline HTTP/1.1
Host: www.googleapis.com
Authorization: Bearer {{YOUR_ACCESS_TOKEN}}
Content-Type: application/json

{
  "text": "Hey guy, you are hacked",
  "menuItems": [ { "action": "HANGOUT" } ]
}

What is the expected output? What do you see instead?

The Mirror API should ignores actions that not released yet. Instead, it 
successfully publish the card, and that card with HANGOUT action crashes the 
GlassHome.

What version of the product are you using? On what operating system?

XE12

Please provide any additional information below.

So, if somebody hacked a Glassware server, and broadcast a evil card...

Original issue reported on code.google.com by chenxingyu92@gmail.com on 29 Jan 2014 at 12:23

Attachments:

GoogleCodeExporter commented 8 years ago

Original comment by ala...@google.com on 29 Jan 2014 at 5:05

GoogleCodeExporter commented 8 years ago 
This has been fixed with XE16!

Original comment by ala...@google.com on 21 Apr 2014 at 3:59

GoogleCodeExporter commented 8 years ago 
Thank you Alain.

Original comment by chenxingyu92@gmail.com on 21 Apr 2014 at 4:28