luci/protocols/luci-proto-wireguard/root at 44445a8097d05dbcc807c95c5b2c016f1a49a350 - Difuse/luci

History

Jo-Philipp Wich 44445a8097 luci-proto-wireguard: fix potential shell injection vulnerabilities The `luci.wireguard.generateQrCode` UBUS method allows injecting arbitrary shell code by not sanitizing the `privkey` and `allowed_ips` arguments before concatenating them into shell command expressions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>	2021-10-08 20:27:13 +02:00
..
usr	luci-proto-wireguard: fix potential shell injection vulnerabilities	2021-10-08 20:27:13 +02:00

Jo-Philipp Wich 44445a8097 luci-proto-wireguard: fix potential shell injection vulnerabilities

The `luci.wireguard.generateQrCode` UBUS method allows injecting
arbitrary shell code by not sanitizing the `privkey` and `allowed_ips`
arguments before concatenating them into shell command expressions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2021-10-08 20:27:13 +02:00

usr

luci-proto-wireguard: fix potential shell injection vulnerabilities

2021-10-08 20:27:13 +02:00