[MapProxy] MapProxy security issue in demo service
olt at omniscale.de
Mon Jul 12 01:47:16 PDT 2021
Samuel Curry found a security issue in old but still essential code for the demo service.
This issue allows an attacker to read all files on the server as long as MapProxy has read permissions. The attacker has to guess the right filename and path; however, this is easy for common system files.
It's recommended to disable the demo service (just comment out 'demo' in the service block). There will be a 1.13.1 release with a fix soon.
The GitHub issue can be found here: https://github.com/mapproxy/mapproxy/issues/526
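A way to check a configuration for the recommended mitigation, as an added example that is not part of the original message or of MapProxy itself: it reports whether `demo` is still enabled under the top-level `services` block. The sample configuration and the function names are constructed for illustration, and the check assumes block-style YAML in a single file.

```python
import re

# Constructed sample configuration (not taken from any real deployment).
VULNERABLE = """\
services:
  demo:
  wms:
    md:
      title: Example
layers: []
"""
# Same file with the advisory's mitigation applied: 'demo' commented out.
MITIGATED = VULNERABLE.replace("  demo:", "  # demo:")

def enabled_services(config_text):
    """Return service names enabled under the top-level 'services:' block.

    Line-based check for block-style YAML only; flow style
    (services: {demo: {}}) is not handled.
    """
    names = []
    in_services = False
    child_indent = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            # Any new top-level key ends (or starts) the services block.
            in_services = line.startswith("services:")
            child_indent = None
            continue
        if not in_services:
            continue
        if child_indent is None:
            child_indent = indent  # indentation of direct children
        m = re.match(r"([A-Za-z_]+)\s*:", line.strip())
        if indent == child_indent and m:
            names.append(m.group(1))
    return names

def demo_enabled(config_text):
    return "demo" in enabled_services(config_text)

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("mitigated", MITIGATED)):
        print(label, "-> demo enabled:", demo_enabled(text))
```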