
> This looks like it requires specially crafted code, therefore not a security issue.

I'm not sure how I feel about such a response. Many exploits require odd, but valid code, and more often than not it exists out there.

Also, it feels weird for this to be tagged as a JSON issue?



Basically they don't consider the engineer exploiting the interpreter to be a security vulnerability. That seems a bit dubious, but I can see where they are coming from in treating the script author as a trusted party.



