o2r-project / o2r-contentbutler

Superseded by https://github.com/o2r-project/o2r-transporter
http://o2r.info
Apache License 2.0

directory traversal #1

Closed JanKoppe closed 7 years ago

JanKoppe commented 8 years ago

Mitigations for directory traversal are missing.

nuest commented 8 years ago

Why must something be mitigated? Please clarify.

nuest commented 7 years ago

A quick test with localhost/api/v1/compendium/821zh/data/../../../../ resulted in a redirect to http://localhost/api/..., also if using %2e%2e%2f or %2e%2e/. Requests don't even make it into the microservice.