drupal_checksheet
Security vulnerabilities?
Not sure if this is related, but there was a security check done on MSNBC, and the following was discovered:
Re: Address veracode static/dynamic scan report
A handful of the reported errors found in the scan are from the spreadsheet-reader library included with msnbc/custom/msnbc_devel. This is the module Sally added for comparing the Drupal content-types to the Google document.
@q0rban Do you have any information on what the errors actually are?
excel_reader2.php
- On line 983 it's saying there is a cross-site scripting vulnerability but no details on exactly what that is.
- On line 105 it's saying there is an "External Control of File Name or Path"
SpreadsheetReader_CSV.php
- On line 50 it's saying there is an "External Control of File Name or Path"
Description
This call contains a path manipulation flaw. The argument to the function is a filename constructed using user-supplied input. If an attacker is allowed to specify all or part of the filename, it may be possible to gain unauthorized access to files on the server, including those outside the webroot, that would normally be inaccessible to end users. The level of exposure depends on the effectiveness of input validation routines, if any.
Recommendations
Validate all user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. When using blacklists, be sure that the sanitizing routine performs a sufficient number of iterations to remove all instances of disallowed characters.
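For anyone reading the Veracode text above without a concrete picture of the flaw: here is an added PHP example (not code from drupal_checksheet, excel_reader2.php or SpreadsheetReader_CSV.php; the "open a spreadsheet by name" handler, directory and file names are all made up). It shows the vulnerable concatenation the report describes, why the "sufficient number of iterations" remark matters for a blacklist that strips "../", and a hardened version that allowlists the expected format and then checks the realpath()-canonicalised result against the base directory. PHP is used because that is what the flagged files are written in.

```php
<?php
// Added example for the "External Control of File Name or Path" finding quoted above.
// Hypothetical "open a spreadsheet by name" handler; not code from drupal_checksheet,
// excel_reader2.php or SpreadsheetReader_CSV.php. Directory and file names are made up.

// Vulnerable pattern: the user-supplied name is concatenated straight into the path.
// A request for "../../../../etc/passwd" resolves outside $baseDir.
function spreadsheetPathVulnerable(string $baseDir, string $requestedName): string
{
    return $baseDir . '/' . $requestedName;
}

// Insufficient fix: a single-pass blacklist. str_replace() removes each "../" once,
// so "....//" collapses to "../" and the traversal survives the sanitizer.
function stripTraversalOnce(string $requestedName): string
{
    return str_replace('../', '', $requestedName);
}

// Hardened version: allowlist the expected format, then canonicalise with realpath()
// and require the result to stay inside the base directory. Returns null on rejection.
function resolveSpreadsheetPath(string $baseDir, string $requestedName): ?string
{
    // Bare file name with a known extension. \A and \z rather than ^ and $, because
    // $ would also accept a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(csv|xls|xlsx)\z/', $requestedName)) {
        return null;
    }

    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $requestedName);
    if ($base === false || $candidate === false) {
        return null; // base directory or file does not exist
    }

    // Compare with the trailing separator so "/data/spreadsheets-old/x.csv" is not
    // accepted as being under "/data/spreadsheets".
    if (strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Demonstration on a constructed directory so the script runs offline.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'spreadsheets_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'report.csv', "type,count\nArticle,12\n");

$inputs = [
    'report.csv',               // legitimate
    '../../../../etc/passwd',   // classic traversal
    '....//....//etc/passwd',   // defeats one str_replace('../', '') pass
    "report.csv\n",             // would pass a $-anchored regex
    'missing.csv',              // well-formed but not present
];

foreach ($inputs as $input) {
    printf("input:      %s\n", json_encode($input));
    printf("  naive:    %s\n", spreadsheetPathVulnerable($baseDir, $input));
    printf("  one pass: %s\n", json_encode(stripTraversalOnce($input)));
    printf("  hardened: %s\n\n", resolveSpreadsheetPath($baseDir, $input) ?? 'REJECTED');
}

unlink($baseDir . DIRECTORY_SEPARATOR . 'report.csv');
rmdir($baseDir);
```

Run it with `php` and compare the three lines per input: the naive path walks out of the directory, the single str_replace() pass turns `....//....//etc/passwd` into `../../etc/passwd`, and the hardened function only ever returns a canonical path under the base directory. Two caveats: realpath() returns false for a file that does not exist yet, so a handler that creates files needs to canonicalise the directory and append a validated name instead; and the prefix comparison is only safe because both sides have been canonicalised first.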