[MapProxy] MapProxy security issue in demo service
Oliver Tonnhofer
olt at omniscale.de
Mon Jul 12 01:47:16 PDT 2021
Hi all,
Samuel Curry found a security issue in old but still essential code for the demo service.
This issue allows attacker to read all files on the server as long as MapProxy has read permissions. The attacker has to guess right filename and path, however this is easy for common system files.
It's recommended to disable the demo service (just comment out 'demo' in the service block). There will be a 1.13.1 release with a fix soon.
The GitHub issue can be found here: https://github.com/mapproxy/mapproxy/issues/526
Kind regards,
Oliver
More information about the MapProxy
mailing list