projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4209964) | patch
[PATCH] mgr/dashboard: fix improper URL checking
authorErnesto Puerta <epuertat@redhat.com>
Wed, 15 Jan 2020 12:54:26 +0000 (13:54 +0100)
committerBernd Zeimetz <bzed@debian.org>
Tue, 21 Jan 2020 20:21:17 +0000 (20:21 +0000)
commit885e9e4528dd40a4a6f44b47b804c3585f693c4e
tree8483d7060df5a10afbfcadce238ff990290f01dftree | snapshot
parent42099649a1a07483b0736dc8b1e887113af7246dcommit | diff
[PATCH] mgr/dashboard: fix improper URL checking

This change disables up-level references beyond the HTTP base directory.
[CVE-2020-1699]

Fixes: https://tracker.ceph.com/issues/43607
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
Gbp-Pq: Name 0443e40c11280ba3b7efcba61522afa70c4f8158.patch
src/pybind/mgr/dashboard/controllers/home.py diff | blob | history
src/pybind/mgr/dashboard/tests/test_home.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.