Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.6.0-rc1
Affects Version/s: 2.6.0-rc0
Component/s: JavaScript, Security
Labels:
- 26qa

Operating System:
ALL

db.eval allows a user to load a js file via the load() function. This is a potential security risk since it allows the user to instruct the server to read files on the server side.

Assignee:: Mark Benvenuto

Reporter:: Mark Benvenuto

Participants:: Githook User, Mark Benvenuto

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: Feb 28 2014 09:15:17 PM UTC

Updated:: Jul 11 2016 05:18:21 PM UTC

Resolved:: Mar 04 2014 09:20:09 PM UTC

Details

Description

Attachments

Activity

People

Dates