diff options
author | Nick Thomas <nick@gitlab.com> | 2018-12-04 18:59:01 +0300 |
---|---|---|
committer | John Jarvis <jarv@gitlab.com> | 2018-12-06 18:03:14 +0300 |
commit | 75373b7525dc52253e7cb4644239e8f0e2d55586 (patch) | |
tree | d61344aeeb9382dd4d8ab3ed20aea9e92e744840 /README.md | |
parent | c0ed50bac6fc003058a711c25bfbe5fc630c3305 (diff) |
Prevent a path traversal attack on global file templates
The API permits path traversal characters like '../' to be passed down
to the template finder. Detect these requests and cause them to fail
with a 500 response code.
Diffstat (limited to 'README.md')
0 files changed, 0 insertions, 0 deletions