stashapp / stash

An organizer for your porn, written in Go. Documentation: https://docs.stashapp.cc
https://stashapp.cc/
GNU Affero General Public License v3.0

Change umask when creating config file to exclude user write (CVE-2024-32233) #4866

Closed WithoutPants closed 4 months ago

WithoutPants commented 4 months ago

Changes config.yml permissions to be user and group writable only when creating the file.

Fixes CVE-2024-32233
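The following is an added example, not code from this pull request or from the stash project. It sketches one way to create a config file that is writable by user and group only, regardless of the process umask, with a check for files writable by "other". The mode 0o660 and the names createConfig, worldWritable and configMode are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// configMode is an assumed target mode (owner and group read/write, no access
// for others); the page does not state the exact bits the project uses.
const configMode os.FileMode = 0o660

// createConfig creates a new config file that is never writable by "other".
// O_EXCL refuses to reuse a file (or follow a symlink) that already exists.
func createConfig(path string) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, configMode)
	if err != nil {
		return err
	}
	defer f.Close()
	// The umask can only clear bits from the requested mode, so set the final
	// mode explicitly on the open handle instead of relying on the environment.
	return f.Chmod(configMode)
}

// worldWritable reports whether an existing file grants write access to
// "other", which is what an audit of already-created configs would look for.
func worldWritable(path string) (bool, error) {
	info, err := os.Stat(path)
	if err != nil {
		return false, err
	}
	return info.Mode().Perm()&0o002 != 0, nil
}

func main() {
	dir, err := os.MkdirTemp("", "cfgdemo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "config.yml") // constructed sample path
	if err := createConfig(path); err != nil {
		panic(err)
	}
	ww, _ := worldWritable(path)
	fmt.Println("world-writable:", ww)
}
```

Changing the mode used at creation does not alter files that already exist, so a separate pass with a check like worldWritable is needed for configs written earlier.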