parse-community / parse-embedded-sdks

The Embedded SDKs for the Parse Platform
http://parseplatform.org

add string sanity check for parameters in sendRequest #25

Closed ronaldyang closed 9 years ago

ronaldyang commented 9 years ago

Issue to fix: The ParseClient::sendRequest function executes a system binary in order to send HTTPS requests to the Parse server. It constructs a command line using the Process::addParameter function of Arduino’s Process class. The addParameter function does not perform any kind of input escaping, which is potentially a security hole.
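The kind of check described above, as an added example that is not the code from this pull request or from parse-embedded-sdks: allow-list validation applied to each string before it would be passed to Process::addParameter. The helper names, the verb list, the length limits and the sample request values are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>

// Hypothetical helpers (not from parse-embedded-sdks): checks to run on each
// string before it is handed to Process::addParameter.

// HTTP verb: accept only members of a fixed set (assumed list).
bool isAllowedVerb(const std::string& verb) {
    static const char* const kVerbs[] = {"GET", "POST", "PUT", "DELETE"};
    for (const char* v : kVerbs) {
        if (verb == v) return true;
    }
    return false;
}

// Endpoint path: leading '/', bounded length (256 is an assumed limit),
// characters from a small allow-list, and no ".." sequence.
bool isSafePath(const std::string& path) {
    if (path.empty() || path.size() > 256 || path[0] != '/') return false;
    for (unsigned char c : path) {
        bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                  (c >= '0' && c <= '9') || c == '/' || c == '_' ||
                  c == '-' || c == '.';
        if (!ok) return false;
    }
    return path.find("..") == std::string::npos;
}

// Free-form argument such as a JSON body: it cannot be allow-listed by
// character, so reject what could change how the called binary parses it.
bool isSafeArgument(const std::string& arg, std::size_t maxLen) {
    if (arg.empty() || arg.size() > maxLen) return false;
    if (arg[0] == '-') return false;  // would be read as an option
    for (unsigned char c : arg) {
        if (c < 0x20 || c == 0x7F) return false;  // control chars, incl. NUL, CR, LF
    }
    return true;
}

// Gate to call before building the command line; an empty body is allowed.
bool requestIsSafe(const std::string& verb, const std::string& path,
                   const std::string& body) {
    if (!isAllowedVerb(verb) || !isSafePath(path)) return false;
    return body.empty() || isSafeArgument(body, 2048);  // 2048 is an assumed limit
}
```

A caller would refuse to send the request when requestIsSafe returns false rather than trying to repair the input.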

francip commented 9 years ago

LGTM