Security hole in Keystone app?

32 views
Skip to first unread message

Klaudiusz Marszałek

unread,
Jul 3, 2018, 2:53:00 PM7/3/18
to Keystone JS
Is it normal when you can post any file, requesting from any domain, without authorization? Posted files are stored in /tmp folder on server. I tested Keystone app without any changes, fresh installs. You can test here http://jsfiddle.net/N4Jxk/1089/, just change domain in form action.
Reply all
Reply to author
Forward
0 new messages