Hey,
I noticed that code in line 162 of browser/views.py (pybamview/pybamview/browser/views.py, Line 162 in 719c425) is vulnerable to Remote Code Execution (https://en.wikipedia.org/wiki/Arbitrary_code_execution). The user input flows from the filename field of the HTML form into the os.system() call. An attacker can provide input like "; some_other_command #" to execute arbitrary commands on your server.
I would suggest fixing this issue by e.g. replacing os.system() with the subprocess.call() function from the Python standard library.
Cheers!
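The reported pattern beside a hardened form, as an added example that is not part of the original issue or of the pybamview code: it shows that the fix depends on passing an argument list with no shell, since `subprocess.call()` with `shell=True` parses the string exactly as `os.system()` does. `TOOL`, the function names and the sample filename are assumptions made for illustration, and a POSIX shell is assumed.

```python
import subprocess
import sys

# Hypothetical stand-in for the external program the view launches (the real
# command on line 162 is not shown on the page): it reports the argv it got.
TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]


def run_with_shell(filename):
    """Reported pattern: user input concatenated into a string a shell parses.

    subprocess.call(cmd, shell=True) treats cmd the same way os.system(cmd) does.
    """
    cmd = "echo opening " + filename
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_without_shell(filename):
    """Hardened form: argument list, no shell, plus basic input checks."""
    # A leading "-" could be read as an option by the called program.
    if not filename or filename.startswith("-") or "\x00" in filename:
        raise ValueError("rejected filename: %r" % filename)
    done = subprocess.run(TOOL + [filename], capture_output=True, text=True, check=True)
    return done.stdout


# Constructed sample input in the shape the issue describes, with a harmless
# marker command in place of "some_other_command".
SAMPLE = "reads.bam; echo INJECTED #"

if __name__ == "__main__":
    # The shell splits on ";" and runs the second command.
    print(run_with_shell(SAMPLE))
    # Without a shell the whole string arrives as one argument.
    print(run_without_shell(SAMPLE))
```
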