Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:9:CentOS:7.5
grafana
CVE-2021-43813.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-43813.patch of Package grafana
commit f2dd7da9e5c662c44b4f2690c6541f49a4ec4667 Author: Will Browne <wbrowne@users.noreply.github.com> Date: Fri Dec 10 11:29:12 2021 +0000 Apply markdown path traversal fix (CVE-2021-43813) apply fix (#42969) Note: cherry-pick changed to work with v6.7.4 (cherry picked from commit ea77415cfe2cefe46ffce233076a1409abaa8df7) diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go index 7d929e11e6..9d4ca9b54e 100644 --- a/pkg/plugins/plugins.go +++ b/pkg/plugins/plugins.go @@ -276,9 +276,9 @@ func GetPluginMarkdown(pluginId string, name string) ([]byte, error) { return nil, PluginNotFoundError{pluginId} } - path := filepath.Join(plug.PluginDir, fmt.Sprintf("%s.md", strings.ToUpper(name))) + path := filepath.Join(plug.PluginDir, mdFilepath(strings.ToUpper(name))) if _, err := os.Stat(path); os.IsNotExist(err) { - path = filepath.Join(plug.PluginDir, fmt.Sprintf("%s.md", strings.ToLower(name))) + path = filepath.Join(plug.PluginDir, mdFilepath(strings.ToLower(name))) } if _, err := os.Stat(path); os.IsNotExist(err) { @@ -291,3 +291,7 @@ func GetPluginMarkdown(pluginId string, name string) ([]byte, error) { } return data, nil } + +func mdFilepath(mdFilename string) string { + return filepath.Clean(filepath.Join("/", fmt.Sprintf("%s.md", mdFilename))) +}
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor