← Back to index | Original Bugzilla link

Bug 19564 – The example Print hex dump allows to read arbitrary files from the server

Status: RESOLVED
Resolution: WONTFIX
Severity: critical
Priority: P1
Component: dlang.org
Product: D
Version: D2
Platform: All
OS: All
Creation time: 2019-01-09T09:45:14Z
Last change time: 2019-12-22T11:14:10Z
Assigned to: No Owner
Creator: dchristofas

Comments

Comment #0 by dchristofas — 2019-01-09T09:45:14Z

If you change "thisExePath" with another file path e.g. "/etc/lsb-release" and run the program, you are able to read that file. I'm not sure if this is known but it could be a security risk.

Comment #1 by bugzilla — 2019-12-22T11:14:10Z

According to the security team, this is not an issue.