> 2020年4月27日 下午7:35,Nicolas George <[email protected]> 写道: > > Steven Liu (12020-04-27): >> I need one example to understand about the security issue after this patch. > > Use ff_make_absolute_url() on a trusted base and an un-trusted path; > check the result starts with the allowed prefix. Let an attacker escape > because the result contains ../. > Command line? > Regards, > > -- > Nicolas George
Thanks Steven Liu _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
