-
Joshua Tauberer authored
Seems like if REQUEST_METHOD is set to GET, then we can drop two redundant ways the query string is given. munin-cgi-graph itself reads the environment variables only, but its calls to Perl's CGI::param will look at the command line if REQUEST_METHOD is not used, otherwise it uses environment variables like CGI used to work. Since this is all behind admin auth anyway, there isn't a public vulnerability. #914 was opened without comment which lead me to notice the redundancy and worry about a vulnerability, before I realized this is admin-only anyway. The vulnerability was created by 6d6f3ea3. See #914. This is the v0.19b hotfix commit.
a14b1779
Name |
Last commit
|
Last update |
---|---|---|
conf | ||
management | ||
ppa | ||
setup | ||
tests | ||
tools | ||
.gitignore | ||
CHANGELOG.md | ||
CONTRIBUTING.md | ||
LICENSE | ||
README.md | ||
Vagrantfile | ||
security.md |