dotnet · Magick.NET-Q16-AnyCPUHeads-up
Magick.NET-Q16-AnyCPU: Symlink bypass due to filename parsing flaw
An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink.
What changed
An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink.
Who it affects
Users of Magick.NET-Q16-AnyCPU who rely on security policies to restrict file access.
What to do today
Review and update security policies to mitigate symlink-based bypass; consider updating to a patched version if available.
The trail
Collected→
Audited→
Written→
Published