Steven Liu (12020-04-27): > I need one example to understand about the security issue after this patch.
Use ff_make_absolute_url() on a trusted base and an un-trusted path; check the result starts with the allowed prefix. Let an attacker escape because the result contains ../. Regards, -- Nicolas George
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
