0
feloff created
There seems to be no validation for downloading binary objects using this method (used for downloading chat attachments). Is leaving all binary objects free for download not too big a hole in the security?
4 Answer(s)
-
0
Hi @feloff
Could you write the name of the class (Controller) and its method name?
-
0
Hi,
In the ChatController (Web.Host Project) controller. Method: GetUploadedObject (Angular + Core project version 6.2.1)
Kind regards,
-
0
Thanks for reporting.
Have created an issue on this.
https://github.com/aspnetzero/aspnet-zero-core/issues/2035
-
0
The fix will be released with ANZ v6.5