Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3543475 by xavlimsg
The account import flow processes ActionText attachment HTML from user-uploaded ZIP content.
In app/models/account/data_transfer/action_text_rich_text_record_set.rb, import-time method convert_gids_to_sgids converts attacker-controlled gid values into persisted sgid values by resolving the target record globally:
app/models/account/data_transfer/action_text_rich_text_record_set.rb:83app/models/account/data_transfer/action_text_rich_text_record_set.rb:87app/models/account/data_transfer/action_text_rich_text_record_set.rb:88app/models/account/data_transfer/action_text_rich_text_record_set.rb:89
hackerone-reportsHackerOne disclosed report --> https://hackerone.com/reports/3020021 by adilnbabras
hackerone-reportsHackerOne disclosed report --> https://hackerone.com/reports/3325582 by adilnbabras
hackerone-reportsHackerOne disclosed report --> https://hackerone.com/reports/3025797 by adilnbabras
No comments yet.
Be the first to share your thoughts
Log in to join the discussion.
Sign In