Sometimes he is your friend, but somtimes he is your enemy (CVE-2018-12907)

Have you been use Rclone? Rclone is an opensource tool for syncing to various forms of cloud storage. In Rclone 1.42, use of “rclone sync” to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL’s content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server.

Should you have interest of this topic, please refer below url for reference.

http://openwall.com/lists/oss-security/2018/06/27/3

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.