wathne
commented
3 weeks ago Closed LisaCabot closed 3 weeks ago
wathne
commented
3 weeks ago wathne
commented
3 weeks ago Reopened this issue. We should sanitize "post_form.image.data.filename", in routes.py, with the werkzeug.utils.secure_filename(filename) function.
wathne
commented
3 weeks ago
Description: The application does not validate uploaded file path, name, size or content. Potential Impact: Upload malicious code or config files to be executed by the server. Overwrite files. Affected part of the application: ./social_insecurity/routes.py Type of vulnerability: Unrestricted Upload of File with Dangerous Type (https://cwe.mitre.org/data/definitions/434.html)