Chocapikk1337 (Chocapikk)
User

Projects

User does not belong to any projects.

User Details

User Since
May 22 2024, 7:35 PM (10 w, 2 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Chocapikk1337 [ Global Accounts ]

Recent Activity

Jun 13 2024

Chocapikk1337 added a comment to T365644: Remote Code Execution on svgtranslate.

Hello @sbassett, yes, I would like to be added to the Security hall of fame, thank you!

Jun 13 2024, 5:49 AM · Patch-For-Review, Community-Tech (June 3-14 2024 Arctic Fox), SecTeam-Processed, SVG Translate Tool, Vuln-Inject, Security, Security-Team

May 23 2024

Chocapikk1337 added a comment to T365644: Remote Code Execution on svgtranslate.

I also have another question. I don't think this is necessary, but can a CVE ID be assigned to this bug or not? If yes, how is it going? Do I do the process or do you?

May 23 2024, 8:49 PM · Patch-For-Review, Community-Tech (June 3-14 2024 Arctic Fox), SecTeam-Processed, SVG Translate Tool, Vuln-Inject, Security, Security-Team
Chocapikk1337 added a comment to T365644: Remote Code Execution on svgtranslate.

@Chocapikk1337 -

I don't mind if you write it up on your blog.

Let's wait until the issue is fully-resolved and double-check with WMF-Legal. Most of the time they are fine with public write-ups by third-parties, but sometimes they're not.

We could also add you to our security hall of fame, if you're interested.

May 23 2024, 3:05 PM · Patch-For-Review, Community-Tech (June 3-14 2024 Arctic Fox), SecTeam-Processed, SVG Translate Tool, Vuln-Inject, Security, Security-Team

May 22 2024

Chocapikk1337 added a comment to T365644: Remote Code Execution on svgtranslate.

And I have a question: once this vulnerability is patched, may I have permission to discuss the details about the vulnerability on my blog https://chocapikk.com/ for educational purposes? I believe it could provide valuable insights to the community. Thanks

May 22 2024, 8:49 PM · Patch-For-Review, Community-Tech (June 3-14 2024 Arctic Fox), SecTeam-Processed, SVG Translate Tool, Vuln-Inject, Security, Security-Team
Chocapikk1337 added a comment to T365644: Remote Code Execution on svgtranslate.

At the very least, within Renderer->render(), $lang should be sanitized via escapeshellarg() or a limiting regular-expression/allow-list.

May 22 2024, 8:28 PM · Patch-For-Review, Community-Tech (June 3-14 2024 Arctic Fox), SecTeam-Processed, SVG Translate Tool, Vuln-Inject, Security, Security-Team
Chocapikk1337 created T365644: Remote Code Execution on svgtranslate.
May 22 2024, 7:58 PM · Patch-For-Review, Community-Tech (June 3-14 2024 Arctic Fox), SecTeam-Processed, SVG Translate Tool, Vuln-Inject, Security, Security-Team