delta/gitlab/gitlab-ce.git/lib/api/validations, branch fix-formatting-eks-docs gitlab.com: gitlab-org/gitlab-ce.git Validate Wiki attachments are valid temporary files 2018-10-24T03:47:38+00:00 Stan Hu stanhu@gmail.com 2018-10-23T21:59:00+00:00 a12d25d8a5e95ef868370e7c09e777237047366b A malicious attacker could craft a request to read arbitrary files on the system. This change adds a Grape validation to ensure that the tempfile parameter delivered by the Rack multipart uploader is a Tempfile type to prevent users from being able to specify arbitrary filenames. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53072 
A malicious attacker could craft a request to read arbitrary files on
the system. This change adds a Grape validation to ensure that the
tempfile parameter delivered by the Rack multipart uploader is a
Tempfile type to prevent users from being able to specify arbitrary
filenames.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53072