CVE-2017-1002153

Koji 1.13.0 does not properly validate SCM paths.

Summary

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

Bug fix

Koji versions 1.14.0 and forward contain the fix.

This bug was tracked as issue#563

Links

Fixed versions can be found at our releases page:

https://pagure.io/koji/releases