View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007101 | Taler | mechant backend | public | 2021-11-20 12:31 | 2022-11-04 20:52 |
Reporter | ms-mantis | Assigned To | sebasjm | ||
Priority | high | Severity | crash | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Target Version | 0.9 | ||||
Summary | 0007101: DoS assert should be removed. | ||||
Description | The merchant backend asserts to have the "X-Forwarded-Prefix" header *not* in place, when it servers a "POST /private/orders". That means that a client can crash the merchant by setting that header along a request! Possibly, it was a temporary solution to some other problem, but it must be removed. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2021-11-20 12:31 | ms-mantis | New Issue | |
2021-11-20 12:31 | ms-mantis | Status | new => assigned |
2021-11-20 12:31 | ms-mantis | Assigned To | => Christian Grothoff |
2021-11-20 12:43 | Christian Grothoff | Assigned To | Christian Grothoff => sebasjm |
2021-11-22 11:58 | sebasjm | Status | assigned => resolved |
2021-11-22 11:58 | sebasjm | Resolution | open => fixed |
2021-11-22 11:58 | sebasjm | Note Added: 0018523 | |
2022-10-20 10:48 | Christian Grothoff | Target Version | => 0.9 |
2022-11-04 20:52 | Christian Grothoff | Status | resolved => closed |