dither8 | 1 year ago

This post was inspired by recent discussion here:

RCE Vulnerability in QBittorrent - https://news.ycombinator.com/item?id=42004219

See also:

https://news.ycombinator.com/item?id=38506835, 11 months ago, 14 comments

AlbertoGP|1 year ago

> This post was inspired by recent discussion here:

> RCE Vulnerability in QBittorrent - https://news.ycombinator.com/item?id=42004219

Worth noting that Rust will not prevent that kind of security hole:

> To be fair, this function ignoreSslErrors is not from the authors of qBittorrent, it comes from Qt framework. The idea behind the function is that you provide it a small whitelist of errors you wish to ignore, for example in a Dev build you may well want to ignore self-signed errors for your Dev environment. The trouble is, you can call it with no arguments and this means you will ignore every error. This may have been misunderstood by the qBittorrent maintainers, maybe not.
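Added example, not part of the thread and not qBittorrent or Qt code: a small Python audit helper that scans C++ source for `ignoreSslErrors` calls and separates the no-argument form described above (every error ignored) from calls that pass an explicit list. The sample source, its class names and `devCert` are constructed for illustration.

```python
import re

# Comments and literals are blanked first so text inside them is never reported.
_SKIP = re.compile(
    r"//[^\n]*"                 # line comment
    r"|/\*.*?\*/"               # block comment
    r'|"(?:\\.|[^"\\\n])*"'     # string literal
    r"|'(?:\\.|[^'\\\n])+'",    # character literal
    re.DOTALL,
)
# Group 1 is set only when the parentheses are empty.
_CALL = re.compile(r"\bignoreSslErrors\s*\(\s*(\))?")


def _blank(match):
    # Preserve newlines so reported line numbers match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_ignore_ssl_errors(source):
    """Return [(line, kind)], kind being 'ignore-all' or 'allowlist'."""
    cleaned = _SKIP.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        line = cleaned.count("\n", 0, m.start()) + 1
        findings.append((line, "ignore-all" if m.group(1) else "allowlist"))
    return findings


# Constructed sample (class names and devCert are hypothetical).
SAMPLE = """\
void Downloader::onSslErrors(QNetworkReply *reply, const QList<QSslError> &errors)
{
    // reply->ignoreSslErrors(); in a comment must not be reported
    reply->ignoreSslErrors();
}

void DevClient::onSslErrors(QNetworkReply *reply)
{
    QList<QSslError> expected;
    expected << QSslError(QSslError::SelfSignedCertificate, devCert);
    reply->ignoreSslErrors(
        expected);
}
"""

if __name__ == "__main__":
    for line, kind in find_ignore_ssl_errors(SAMPLE):
        print(f"line {line}: {kind}")
```

Declarations and overrides of the function are reported as well, and a slot connected by member-function pointer (no parentheses) is not detected, so each `ignore-all` hit is a prompt for manual review rather than a verdict.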