CVE-2023-0743: update img header · answerdev/answer@860b1a3

Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.


@@ -4,6 +4,7 @@ import (

“fmt”

“net/url”

“os”

“path”

“path/filepath”

“strings”

@@ -53,13 +54,26 @@ func (am *AvatarMiddleware) AvatarThumb() gin.HandlerFunc {

ctx.Next()

return

}

ext := strings.ToLower(path.Ext(filePath)[1:])

ctx.Header("content-type", fmt.Sprintf("image/%s", ext))

_, err = ctx.Writer.WriteString(string(avatarfile))

if err != nil {

log.Error(err)

}

ctx.Abort()

return

} else {

uUrl, err := url.Parse(u)

if err != nil {

ctx.Next()

return

}

_, urlfileName := filepath.Split(uUrl.Path)

uploadPath := am.serviceConfig.UploadPath

filePath := fmt.Sprintf("%s/%s", uploadPath, urlfileName)

ext := strings.ToLower(path.Ext(filePath)[1:])

ctx.Header("content-type", fmt.Sprintf("image/%s", ext))

}

ctx.Next()

}
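Review bot: `path.Ext(filePath)[1:]` on the two new content-type lines panics for a filename without an extension, because path.Ext returns "" and `[1:]` then slices past the end; it also forwards whatever extension the stored name carries straight into the header. Replace both with `ext := strings.ToLower(strings.TrimPrefix(path.Ext(filePath), "."))` and check the result against a short allowlist of image extensions (falling back to a fixed safe type otherwise) instead of formatting `image/%s` from an arbitrary suffix. Since the declared content type appears to be what keeps a stored file from being interpreted as HTML, sending `ctx.Header("X-Content-Type-Options", "nosniff")` alongside it would also keep browsers from overriding it by sniffing. The enclosing AvatarThumb handler starts before this hunk, so how `u` and `avatarfile` are produced is not visible here.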
