Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Arbitrary Code Injection Or Denial Of Service (DoS) Through Unsafe Middleware in petems/tugboat (master) #272

Closed
petems opened this issue Jul 3, 2017 · 0 comments · Fixed by #274
Closed

Arbitrary Code Injection Or Denial Of Service (DoS) Through Unsafe Middleware in petems/tugboat (master) #272

petems opened this issue Jul 3, 2017 · 0 comments · Fixed by #274

Comments

@petems
Copy link
Owner

petems commented Jul 3, 2017

Arbitrary Code Injection Or Denial Of Service (DoS) Through Unsafe Middleware in petems/tugboat (master)

Issue Details

  • Vulnerability: Arbitrary Code Injection Or Denial Of Service (DoS) Through Unsafe Middleware
  • Severity: High
  • Project: petems/tugboat
  • Branch: master
  • Scan Date: Jul 3, 2017 12:01:10

Issue Decription

faraday_middleware is vulnerable to arbitrary code injection or denial of service attacks. It is possible when it uses YAML.load() by default to load resources from untrusted sources or over HTTP. YAML.load() is not safe against DoS and arbitrary code injection if it uses a Psych version that supports it.

View more details
petems added a commit that referenced this issue Jul 3, 2017
@petems
Switch to safe_yaml fork
067ef30 
* Partially resolves #272
* Full fix: wait for lostisland/faraday_middleware#157 to be merged
@petems petems mentioned this issue Jul 3, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Switch to safe_yaml fork petems/tugboat
1 participant
@petems