January 09, 2019 [Issue 19564] New: The example Print hex dump allows to read arbitrary files from the server | ||||
|---|---|---|---|---|
| ||||
 | https://issues.dlang.org/show_bug.cgi?id=19564 Issue ID: 19564 Summary: The example Print hex dump allows to read arbitrary files from the server Product: D Version: D2 Hardware: All OS: All Status: NEW Severity: normal Priority: P1 Component: dlang.org Assignee: nobody@puremagic.com Reporter: dchristofas@posteo.de If you change "thisExePath" with another file path e.g. "/etc/lsb-release" and run the program, you are able to read that file. I'm not sure if this is known but it could be a security risk. -- | |||
Permalink
ReplyCopyright © 1999-2021 by the D Language Foundation