Results 127 comments of LCD 047

> I found that the vulnerable part is in the file `syntastic/syntax_checkers/xml/xmllint.vim` but I didn't yet get the logic and why it's making the requests (maybe it's a feature !),...

> Even if syntastic isn't conceived with security in mind and you aren't up to patch it

Since you raise this point, here's a short categorization of the kind of...

@Matir That would also prevent `xmllint` from working in that particular situation, otherwise (presumably) `xmllint` wouldn't make network requests.

> THAT'S VERY MALICIOUS ACTION. I DON'T WANT RCE BY OPENING A FILE.

Then complain to `xmllint` developers?

No description of what this is supposed to fix and how = reject.

Right, but `eslint` already looks for config files in the current directory and upwards, and thus it doesn't have the problem that FAQ entry is supposed to address. Also `.eslintrc`...

@ferdnyc Feel free to submit a patch that removes all references to `jscs` and provides a better example in the README.

This assumes the attacker has write access to a parent directory to the base directory of the project you're checking. Consequently the impact should be pretty low on usual setups....

I released 3.9.0 with the first part of the fix I mentioned above, clearing the defaults for the names of the configuration files. Sadly Vim has no built-in way of...

Please post a complete test file that produces these "bad" errors. I can't seem to obtain the error you mention with the piece of code above, and puppet 4.1.0.