wallabag

mirror of https://github.com/wallabag/wallabag.git synced 2024-06-25 00:20:34 +00:00

History

Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability We fix the improper authorization by duplicating the check done by the private method EntryController::checkUserAction(). We also replace the ParamConverter used to get the requested Entry with an explicit call to EntryRepository in order to prevent a resource enumeration through response discrepancy. Thus, we get the same exception whether the requested resource does not exist or is not owned by the requester. Fixes GHSA-qwx8-mxxx-mg96 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>	2023-01-20 15:09:38 +01:00
..
Wallabag	ExportController: fix improper authorization vulnerability	2023-01-20 15:09:38 +01:00
.htaccess	1st implementation of wallabag api, yeah	2015-01-28 17:09:27 +01:00

Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability

We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>

2023-01-20 15:09:38 +01:00

Wallabag

ExportController: fix improper authorization vulnerability

2023-01-20 15:09:38 +01:00

.htaccess

1st implementation of wallabag api, yeah

2015-01-28 17:09:27 +01:00