Commit - bug/pagure - b5e04680c755eab62f835634af93459a0f1ea215

bug / pagure

`b5e046` Do not serve svg inline

1 file Authored by Michael Scherer 7 years ago , Committed by Pierre-Yves Chibon 7 years ago ,

raw patch tree parent

1 file changed. 1 lines added. 1 lines removed.

    Do not serve svg inline
    
    SVG can contain javascript, so that's a easy vector for XSS on pagure.
    
    Fix CVE-2018-1002155
    
    Signed-off-by: Michael Scherer <misc@redhat.com>

pagure/lib/mimetype.py

file modified

+1 -1

SSH Hostkey/Fingerprint | Documentation | About

Logo by Pavel Lashutin

bug / pagure

Source Code

b5e046 Do not serve svg inline

1 file Authored by Michael Scherer 7 years ago , Committed by Pierre-Yves Chibon 7 years ago ,

`b5e046` Do not serve svg inline