Rest Server is a high performance HTTP server that implements restic's REST backend API.
BSD 2-Clause "Simplified" License
944
stars
140
forks
source link
Security: Users with names containing "/" can access paths outside of their private repo #131
Closed
juergenhoetzel closed 3 years ago
Consider prefix user
foo
Create user (sharing the same prefix and separated by a slash) to access config file:
Delete config file in first user's repo using the second users credentials: