digitalmars.D.bugs - [Issue 22247] New: [std.process]

d-bugmail puremagic.com (20/20) Aug 28 2021 https://issues.dlang.org/show_bug.cgi?id=22247

https://issues.dlang.org/show_bug.cgi?id=22247

          Issue ID: 22247
           Summary: [std.process]
           Product: D
           Version: D2
          Hardware: All
               URL: http://dlang.org/phobos/
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P3
         Component: phobos
          Assignee: nobody puremagic.com
          Reporter: ttimofeyka yandex.ru

Hello.

I found that if you run this code on your site (including std.file), you can
get illegal access to your server's files.

This is a tough vulnerability that puts the entire site at risk, as an attacker
can download (possibly illegal) files, delete them, and so on.

--

Aug 28 2021

D Programming

C/C++ Programming

Other

digitalmars.D.bugs - [Issue 22247] New: [std.process]