projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2418b24) | patch
[PATCH] mgr/dashboard: fix improper URL checking
authorErnesto Puerta <epuertat@redhat.com>
Wed, 15 Jan 2020 12:54:26 +0000 (13:54 +0100)
committerBernd Zeimetz <bzed@debian.org>
Sat, 18 Jan 2020 18:58:32 +0000 (18:58 +0000)
commitd0c5fe5fab72dc279720f11a243733d98cb42f11
tree6594b49ee11a5d1d6e892c8d79361aa502fbddbetree | snapshot
parent2418b242c15b1aa33f65ed5c20d4118d0f5a093fcommit | diff
[PATCH] mgr/dashboard: fix improper URL checking

This change disables up-level references beyond the HTTP base directory.
[CVE-2020-1699]

Fixes: https://tracker.ceph.com/issues/43607
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
Gbp-Pq: Name 0443e40c11280ba3b7efcba61522afa70c4f8158.patch
src/pybind/mgr/dashboard/controllers/home.py diff | blob | history
src/pybind/mgr/dashboard/tests/test_home.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.