30cb3d784c
Fix CVE-2023-45158: An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. https://jvn.jp/en/jp/JVN80476432 https://github.com/web2py/web2py/compare/v2.24.1...v2.26.1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
|---|---|---|
| .. | ||
| Config.in | ||
| python-web2py.hash | ||
| python-web2py.mk | ||
| S51web2py | ||
| web2py.service | ||