pleroma/changelog.d/emoji-pack-sanitization.security @ 2c79509453
Resolve information disclosure vulnerability through emoji pack archive download endpoint

The pack name has been sanitized so an attacker cannot upload a media file called pack.json with their own handcrafted list of emoji files as arbitrary files on the filesystem and then call the emoji pack archive download endpoint with a pack name crafted to the location of the media file they uploaded which tricks Pleroma into generating a zip file of the target files the attacker wants to download.

The attack only works if the Pleroma instance does not have the AnonymizeFilename upload filter enabled, which is currently the default.

Reported by: graf@poast.org
2023-08-03 10:08:37 -07:00
Emoji pack loader sanitizes pack names
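
An added example, not Pleroma's own code: one way to validate a pack name before it is joined to the emoji directory, so that a crafted name cannot make the archive endpoint read a pack.json from another location. The module name, function names and the root path /srv/example/emoji are assumptions, and the sample names are constructed.

```elixir
defmodule PackNameExample do
  # Hypothetical emoji root for this example, not Pleroma's configured path.
  @emoji_root "/srv/example/emoji"

  @doc """
  Returns {:ok, pack_dir} when `name` is a single path component that stays
  under `root`, otherwise {:error, reason}.
  """
  def pack_dir(name, root \\ @emoji_root)

  def pack_dir(name, root) when is_binary(name) do
    cond do
      # Empty names and the special directory entries are never pack names.
      name in ["", ".", ".."] -> {:error, :invalid_name}
      # A pack name is one directory name: no separators, no NUL byte.
      String.contains?(name, ["/", "\\", <<0>>]) -> {:error, :invalid_name}
      true -> confine(name, root)
    end
  end

  def pack_dir(_name, _root), do: {:error, :invalid_name}

  # Second, independent check: the expanded path must still be below root.
  # Path.expand/1 resolves "." and ".." lexically; it does not follow symlinks.
  defp confine(name, root) do
    root = Path.expand(root)
    dir = Path.expand(Path.join(root, name))

    if String.starts_with?(dir, root <> "/") do
      {:ok, dir}
    else
      {:error, :outside_root}
    end
  end
end

# Constructed sample names: one ordinary pack name and several rejected ones.
for name <- ["blobcats", "..", "../elsewhere", "nested/pack", ""] do
  IO.inspect({name, PackNameExample.pack_dir(name)})
end
```

The check belongs on every code path that turns a request-supplied pack name into a filesystem path, before any pack.json is opened.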