]> git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b2631ba) | patch
mgr/dashboard: fix improper URL checking
authorErnesto Puerta <epuertat@redhat.com>
Wed, 15 Jan 2020 12:54:26 +0000 (13:54 +0100)
committerErnesto Puerta <epuertat@redhat.com>
Thu, 16 Jan 2020 10:29:31 +0000 (11:29 +0100)
commit0443e40c11280ba3b7efcba61522afa70c4f8158
tree1f85a5aa44735bee476a36af4deeb1a06fc4d023tree | snapshot
parentb2631ba462c22adcb479a1df17c16eb4f125c173commit | diff
mgr/dashboard: fix improper URL checking

This change disables up-level references beyond the HTTP base directory.
[CVE-2020-1699]

Fixes: https://tracker.ceph.com/issues/43607
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
src/pybind/mgr/dashboard/controllers/home.py diff | blob | history
src/pybind/mgr/dashboard/tests/test_home.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.