Hello.
I found that if you run this code on your site (including std.file), you can get illegal access to your server's files.
This is a tough vulnerability that puts the entire site at risk, as an attacker can download (possibly illegal) files, delete them, and so on.
Comment #1 by mipri — 2021-08-28T18:18:30Z
To be precise, you can get access to something that looks like a server's files. But by playing around a little bit you'll notice that writes to ~/ and /tmp aren't persistent. Code is run in a temporary docker container, and there's not likely to be anything interesting in the container. A security concern would only come up if the container can be broken out of. Code's at https://github.com/dlang-tour/core
Comment #2 by b2.temp — 2021-08-29T00:40:22Z
this was the wrong place anyway, run.dlang.io issues are on gh.