CVE-2017-1002153¶
Koji 1.13.0 does not properly validate SCM paths.
Summary¶
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
Bug fix¶
Koji versions 1.14.0 and forward contain the fix.
This bug was tracked as issue#563
Links¶
Fixed versions can be found at our releases page: