[Issue 22247] New: [std.process]
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Sat Aug 28 17:49:51 UTC 2021
https://issues.dlang.org/show_bug.cgi?id=22247
Issue ID: 22247
Summary: [std.process]
Product: D
Version: D2
Hardware: All
URL: http://dlang.org/phobos/
OS: All
Status: NEW
Severity: enhancement
Priority: P3
Component: phobos
Assignee: nobody at puremagic.com
Reporter: ttimofeyka at yandex.ru
Hello.
I found that if you run this code on your site (including std.file), you can
get illegal access to your server's files.
This is a tough vulnerability that puts the entire site at risk, as an attacker
can download (possibly illegal) files, delete them, and so on.
--
More information about the Digitalmars-d-bugs
mailing list