Date: Wed, 27 Jun 2018 11:40:47 +0200
From: Solar Designer <>
Subject: Re: rclone data exflitration / unauthorized API use

Hi Daniel,

On Tue, Jun 26, 2018 at 05:56:18PM -0700, wrote:
> Due to its reliance on vulnerable upstream vendor SDKs & APIs, all 
> current versions of 'rclone' are subject to a variety of attacks.
> This vulnerability is an instance of a class of security vulnerabilities 
> that affect a wide variety of software. Any API which has clients 
> perform actions on arbitrary URLs chosen by the API server will lead to 
> this class of attack becoming a concern.
> Current Google Cloud Storage SDKs/APIs, Backblaze B2 APIs, and Yandex 
> Disk APIs are affected.
> No CVE is presently assigned.
> Further details at: 

We have a policy here that while list postings may refer to external
URLs, they must be complete on their own, and yours is not.  Please see:

I'm attaching a text export of your blog post to this message.  Next
time, please do something like this on your own.



View attachment "restless-vuln.txt" of type "text/plain" (5799 bytes)