[ https://issues.apache.org/jira/browse/OFBIZ-11948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487441#comment-17487441 ]

ASF subversion and git services commented on OFBIZ-11948:
---------------------------------------------------------

Commit 30770e1ceaa81198f3ba56a9dbc0dfb727a84d7a in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=30770e1 ]

Fixed: Remote Code Execution (File Upload) Vulnerability (OFBIZ-11948)

In SecuredUpload::isValidImageFile I initially used isValidText() and thought
that decoding would be better so finally used isValidTextFile() instead. But
then valid image files are not passing. So this replaces isValidTextFile by
isValidText there.

Also while at it removes a few other PHP tokens, now useless (hopefully, I still
have to check encoded and encrypted PHP webshells), from
security::deniedWebShellTokens. The fewer tokens we have, the more legible the
whole is.
Improves related comments.

Modifies SecurityUtilTest::webShellTokensTesting accordingly


> Remote Code Execution (File Upload) Vulnerability
> -------------------------------------------------
>
>                 Key: OFBIZ-11948
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11948
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: product/catalog
>    Affects Versions: Trunk, 17.12.04, 18.12.01
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 17.12.05, 18.12.01
>
>
> Harshit Shukla harshit.sh...@gmail.com reported this RCE vulnerability to the 
> OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability is fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
