#1183 fix query parameter processing in multiple calls
Closed: Fixed 5 years ago by mikem. Opened 5 years ago by mikem.

The following functions use unsafe techniques to handle some of their query parameters: list_archives, get_archive_type, and listHosts.
These bugs allow an attacker to inject arbitrary SQL commands.

This issue has been assigned CVE-2018-1002161.

You can read the full announcement here:
https://docs.pagure.org/koji/CVE-2018-1002161/


Metadata Update from @mikem:
- Issue private status set to: False (was: True)

5 years ago

Metadata Update from @mikem:
- Issue priority set to: High (was: Normal)
- Issue set to the milestone: 1.17
- Issue tagged with: bug

5 years ago
