Message388602
Indeed, the `host` on that line there should just be ignored with the IP address of the original data connection used in its place.
Your https://hackerone.com/reports/1040166 link provides plenty of information and likes to prior art mitigations other ftp clients including Firefox and Chrome well over a decade ago. |
|
Date |
User |
Action |
Args |
2021-03-13 10:30:43 | gregory.p.smith | set | recipients:
+ gregory.p.smith, giampaolo.rodola, ricexdream |
2021-03-13 10:30:43 | gregory.p.smith | set | messageid: <1615631443.48.0.378232895151.issue43285@roundup.psfhosted.org> |
2021-03-13 10:30:43 | gregory.p.smith | link | issue43285 messages |
2021-03-13 10:30:43 | gregory.p.smith | create | |
|