universityofcalifornia / NeXt

UC NeXt is a Rails app for fostering IT collaboration amongst the various UC campuses.
https://ucnext.org

fix ImageTragick vulnerability #440

Closed jshslsky closed 8 years ago

jshslsky commented 8 years ago

https://imagetragick.com/

Validate incoming image headers and restrict uploads to PNG and JPG.
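The check described above, written out as an added Ruby example. This is not the UC NeXt code: the function names, the allow-list and the sample inputs are assumptions made for illustration. The point is to classify an upload by the bytes it actually starts with (the PNG signature or the JPEG SOI marker) rather than by its filename or the client-supplied Content-Type, and to reject anything whose header is not one of the two allowed formats or does not agree with what the client declared.

```ruby
require "stringio"

# Added example (not the UC NeXt code): accept an upload only if its leading
# bytes identify it as PNG or JPEG and that matches the declared content type.

# Magic bytes for the two permitted formats.
MAGIC_SIGNATURES = {
  png:  "\x89PNG\r\n\x1a\n".b, # 8-byte PNG signature
  jpeg: "\xFF\xD8\xFF".b,      # JPEG start-of-image marker
}.freeze

# Content types the client may declare for each detected format (assumed allow-list).
ALLOWED_CONTENT_TYPES = {
  png:  %w[image/png],
  jpeg: %w[image/jpeg image/jpg],
}.freeze

# Longest signature we need to inspect.
HEADER_BYTES = MAGIC_SIGNATURES.values.map(&:bytesize).max

# Returns :png, :jpeg, or nil based solely on the leading bytes.
def detect_image_type(bytes)
  head = bytes.to_s.b
  MAGIC_SIGNATURES.each do |type, signature|
    return type if head.start_with?(signature)
  end
  nil
end

# Returns [true, "png"|"jpeg"] when the upload is acceptable, otherwise
# [false, reason]. Both the header and the declared type must agree.
def validate_upload(bytes, declared_content_type)
  type = detect_image_type(bytes)
  return [false, "header does not match PNG or JPEG"] if type.nil?

  declared = declared_content_type.to_s.downcase
  unless ALLOWED_CONTENT_TYPES[type].include?(declared)
    return [false, "declared #{declared} does not match detected #{type}"]
  end

  [true, type.to_s]
end

# Convenience wrapper for an IO (e.g. the tempfile behind a Rails upload, an
# assumption about how it would be wired in): reads only the header, then rewinds.
def validate_upload_io(io, declared_content_type)
  head = io.read(HEADER_BYTES).to_s
  io.rewind if io.respond_to?(:rewind)
  validate_upload(head, declared_content_type)
end

# Constructed sample inputs (truncated headers, not real files).
SAMPLE_PNG  = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0DIHDR".b
SAMPLE_JPEG = "\xFF\xD8\xFF\xE0\x00\x10JFIF".b
SAMPLE_SVG  = "<?xml version=\"1.0\"?><svg xmlns=\"http://www.w3.org/2000/svg\"/>".b

if __FILE__ == $PROGRAM_NAME
  [[SAMPLE_PNG, "image/png"],
   [SAMPLE_JPEG, "image/jpeg"],
   [SAMPLE_SVG, "image/png"],   # non-image content with a lying content type
   [SAMPLE_PNG, "image/jpeg"]]. # real PNG bytes but mismatched declaration
    each { |bytes, ctype| puts "#{ctype.ljust(11)} => #{validate_upload(bytes, ctype).inspect}" }
end
```

Note that the check runs before the bytes ever reach ImageMagick, so a file whose content is really a text-based format (whatever its extension says) never gets handed to a coder for that format.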

jshslsky commented 8 years ago

Part one of this fix is here and deployed.