[MapProxy] MapProxy security issue in demo service

Oliver Tonnhofer olt at omniscale.de
Mon Jul 12 01:47:16 PDT 2021

Hi all,

Samuel Curry found a security issue in old but still essential code for the demo service.

This issue allows attacker to read all files on the server as long as MapProxy has read permissions. The attacker has to guess right filename and path, however this is easy for common system files.

It's recommended to disable the demo service (just comment out 'demo' in the service block). There will be a 1.13.1 release with a fix soon.

The GitHub issue can be found here: https://github.com/mapproxy/mapproxy/issues/526

Kind regards,

More information about the MapProxy mailing list