Prevent command injection in VyConf external validator execution
Open, LowPublic

Description

https://github.com/vyos/vyconf/blob/master/src/value_checker.ml#L13-L24

Right now there is no validation at all, and a malicious user could execute arbitrary code with a specially prepared value to be validated. Dangerous characters should be escaped to prevent this.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
This request is:
Service Request
dmbaturin created this task.Sep 8 2017, 6:05 AM
dmbaturin created this object with visibility "Public (No Login Required)".