-
-
Notifications
You must be signed in to change notification settings - Fork 402
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent use of .. or : in file path #3552
Prevent use of .. or : in file path #3552
Conversation
@BaHXeLiSiHg fyi, I'm requesting your review here because the code being affected exists due to a PR we worked on quite some time ago, to enable loading/unloading assemblies in memory. The result is a potential security issue that's been uncovered, and this is an attempt to resolve that by preventing loading assemblies from outside the app's |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I'm okay with that.
Hi folks, |
I've never explored that concept @sampizzey, would this be in GH or NuGet? |
@rockfordlhotka I just got an email b/c one of my repo's is apparently using a version of Csla which is vunerable. https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-28698 Was this fix ever backported? It seems like it should be given the effort required to move to Csla 6+. |
|
Closes #3551