We're a place where coders share, stay up-to-date and grow their careers.
This patch was also vulnerable ;)
As the regex ended with $, we could bypass it with a newline, then /../../.. + raw gist
$
/../../..
github.com/thepracticaldev/dev.to/...
This was fixed by using \A and \Z instead of ^ and $!
\A
\Z
^
This patch was also vulnerable ;)
As the regex ended with
$, we could bypass it with a newline, then/../../..+ raw gistgithub.com/thepracticaldev/dev.to/...
This was fixed by using
\Aand\Zinstead of^and$!