ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
OTHER License
In ZeroNet before rev4188, the wrapper template variables were rendered incorrectly.
Result: The opened site was able to gain a WebSocket connection with unrestricted ADMIN/NOSANDBOX access, change configuration values, and possibly achieve RCE on the client's machine.
Fix: Fixed the template rendering code, disallowed WebSocket connections from unknown locations, and restricted open_browser configuration values to avoid possible RCE in case of sandbox escape.
Published by HelloZeroNet about 5 years ago
Published by HelloZeroNet over 5 years ago
~ in filenames (by d14na)
{data} for data dir variable in trackers_file value
Published by HelloZeroNet about 6 years ago
In ZeroNet 0.6.3 Rev3615 and earlier, as a result of invalid file type detection, a malicious site could escape the iframe sandbox.
Result: Browser iframe sandbox escape
Applied fix: Replaced the previous file-extension-based file type identification with a proper one.
Affected versions: All versions before ZeroNet Rev3616
Published by HelloZeroNet about 6 years ago
Published by HelloZeroNet over 6 years ago
as API command on different sites with Cors permission
--log_level to reduce log verbosity and IO load
--debug_gevent and turned on Gevent block logging by default
Published by HelloZeroNet over 6 years ago
Published by HelloZeroNet about 7 years ago
--download_optional auto argument to enable automatic optional file downloading for newly added site
Published by HelloZeroNet about 7 years ago
Added
Changed
Fixed
Published by HelloZeroNet over 7 years ago
Fix
Added
Changed
Published by HelloZeroNet over 7 years ago
Published by HelloZeroNet almost 8 years ago
Published by HelloZeroNet about 8 years ago
Published by HelloZeroNet over 8 years ago