mirror of https://github.com/MISP/MISP
fix: [security] Fixed an RCE vulnerability with user controled entries being fed to file_exists
- phar protocol paths for php file instructions can lead to RCE via meta-data deserialization - mitigated by the functionalities enabling this being only accessible to site admins - Reported by Dawid Czarneckipull/4769/head
parent
5d611c39ff
commit
c42c5fe927
|
@ -3076,6 +3076,9 @@ class Server extends AppModel
|
|||
|
||||
public function testForBinExec($value)
|
||||
{
|
||||
if (substr($value, 0, 7) === "phar://") {
|
||||
return 'Phar protocol not allowed.';
|
||||
}
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
if ($value === '') {
|
||||
return true;
|
||||
|
@ -3094,6 +3097,9 @@ class Server extends AppModel
|
|||
|
||||
public function testForWritableDir($value)
|
||||
{
|
||||
if (substr($value, 0, 7) === "phar://") {
|
||||
return 'Phar protocol not allowed.';
|
||||
}
|
||||
if (!is_dir($value)) {
|
||||
return 'Not a valid directory.';
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue