Re: CVE-2015-1834 CC Path Traversal vulnerability


Dieu Cao <dcao@...>
 

Yes, that's the correct commit to cherry pick for the cc path traversal
vulnerability.

-Dieu
CF Runtime PM

On Tue, May 26, 2015 at 12:30 AM, nota-ja <dev(a)nota.m001.jp> wrote:

I understand the CFF strongly recommends to upgrade to v208 or after, but
for
those (including us) who cannot immediately upgrade, I want to know if
there
is a workaround against this vulnerability.

I've found that there is a commit which seems related this vulnerability:

https://github.com/cloudfoundry/cloud_controller_ng/commit/5257a8af6990e71cd1e34ae8978dfe4773b32826

Cherry-picking this commit may be a workaround? Or we need another commits
to cherry-pick?

Thanks in advance.





--
View this message in context:
http://cf-dev.70369.x6.nabble.com/cf-dev-CVE-2015-1834-CC-Path-Traversal-vulnerability-tp163p173.html
Sent from the CF Dev mailing list archive at Nabble.com.
_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.