================
CVE-2017-1002153
================

Koji 1.13.0 does not properly validate SCM paths.


Summary
-------

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.


Bug fix
-------

Koji versions 1.14.0 and forward contain the fix.

This bug was tracked as `issue#563 <https://pagure.io/koji/issue/563>`_

Links
-----

Fixed versions can be found at our releases page:

    `https://pagure.io/koji/releases <https://pagure.io/koji/releases>`_