Message103485
> On the surface this seems like a potential directory traversal attack
> hole, although I couldn't get past 'pkg' by passing '../../../', so I
> guess there must be other checks before attempting the import.
I rushed to post; it turns out one *can* access packages in parent directories, so I think it's accurate to describe it as a directory traversal hole.

| Date | User | Action | Args |
|---|---|---|---|
| 2010-04-18 12:05:38 | gsakkis | set | recipients: + gsakkis, brett.cannon, rhettinger, hauser, eric.araujo, mrts |
| 2010-04-18 12:05:38 | gsakkis | set | messageid: <1271592338.01.0.755764710475.issue2090@psf.upfronthosting.co.za> |
| 2010-04-18 12:05:36 | gsakkis | link | issue2090 messages |
| 2010-04-18 12:05:36 | gsakkis | create | |
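
A defensive check for the kind of traversal discussed in this message, as an added example that is not part of the original message or of CPython's code: it accepts only plain dotted identifiers under one allowed package and confirms that the resolved file lies inside that package's directory. The names `safe_import`, `validate_module_name` and `UnsafeModuleName` are hypothetical, and the standard-library `json` package stands in for an application's own package.

```python
import importlib
import importlib.util
import keyword
import os


class UnsafeModuleName(ValueError):
    """Raised when a requested module name fails validation (hypothetical name)."""


def validate_module_name(name, allowed_root):
    """Return name if it is a plain dotted identifier path under allowed_root."""
    if not isinstance(name, str) or not name:
        raise UnsafeModuleName("empty or non-string module name")
    parts = name.split(".")
    for part in parts:
        # isidentifier() rejects '', path separators and any '../'-style fragment
        if not part.isidentifier() or keyword.iskeyword(part):
            raise UnsafeModuleName("illegal component %r in %r" % (part, name))
    if parts[0] != allowed_root:
        raise UnsafeModuleName("%r is outside package %r" % (name, allowed_root))
    return name


def safe_import(name, allowed_root):
    """Import name only if it validates and resolves inside allowed_root's directory."""
    validate_module_name(name, allowed_root)
    root = importlib.import_module(allowed_root)
    # A root without __path__ is not a package, so nothing can resolve under it
    root_dirs = [os.path.realpath(p) for p in getattr(root, "__path__", [])]
    spec = importlib.util.find_spec(name)
    if spec is None or not spec.origin:
        raise UnsafeModuleName("cannot resolve %r" % name)
    origin = os.path.realpath(spec.origin)
    # Defence in depth: the file to be loaded must live under the package directory
    if not any(os.path.commonpath([origin, d]) == d for d in root_dirs):
        raise UnsafeModuleName("%r resolves outside %r" % (name, allowed_root))
    return importlib.import_module(name)


if __name__ == "__main__":
    # Constructed inputs; 'json' is a stand-in for the allowed package
    print(safe_import("json.decoder", "json").__name__)
    for candidate in ("../../../os", "json/../os", "os.path"):
        try:
            safe_import(candidate, "json")
        except UnsafeModuleName as exc:
            print("rejected:", exc)
```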