OSVDB-113418: Incomplete List of Disallowed Inputs

October 16, 2014

A flaw in the iptype() function is triggered when handling octal encoding. This may allow a remote attacker to bypass the IP exclusion feature.

References

www.agarri.fr/kom/archives/2014/10/15/bypassing_blacklists_based_on_ipy/index.html
www.osvdb.org/show/osvdb/113418

Code Behaviors & Features

Detect and mitigate OSVDB-113418 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →