
GetUploadedObject Security #6159


feloff created

There seems to be no validation for downloading binary objects using this method (used for downloading chat attachments). Is leaving all binary objects free for download not too big a hole in the security?


4 Answer(s)
  • ismcagdas created
    Support Team

    Hi @feloff

    Could you write the name of the class (Controller) and its method name?

  • feloff created

    Hi,

    In the ChatController (Web.Host Project) controller. Method: GetUploadedObject (Angular + Core project version 6.2.1)

    Kind regards,

  • ryancyq created
    Support Team

    Thanks for reporting.

    Have created an issue on this.

    https://github.com/aspnetzero/aspnet-zero-core/issues/2035

  • ryancyq created
    Support Team

    The fix will be released with ANZ v6.5