Loading...

Undo Transition
Closed

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.6.0-rc1
Affects Version/s: 2.6.0-rc0
Component/s: JavaScript, Security
Labels:
- 26qa

Operating System:
ALL
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

db.eval allows a user to load a js file via the load() function. This is a potential security risk since it allows the user to instruct the server to read files on the server side.

Assignee:: Mark Benvenuto
Reporter:: Mark Benvenuto
Participants:: Githook User, Mark Benvenuto
Votes:: 1 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Feb 28 2014 09:15:17 PM UTC
Updated:: Jul 11 2016 05:18:21 PM UTC
Resolved:: Mar 04 2014 09:20:09 PM UTC

Details

Description

Attachments

Forms

Activity

People

Dates