mirror of
https://github.com/godotengine/buildroot.git
synced 2025-12-31 09:48:56 +03:00
e91d46937f
Fix CVE-2023-45158: An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. https://jvn.jp/en/jp/JVN80476432 https://github.com/web2py/web2py/compare/v2.24.1...v2.26.1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 30cb3d784c73d56e18eb294907b124053b2c37a0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>