google/gtm-session-fetcher

Path Manipulation

Shakihassan opened this issue · 1 comments

Attackers are able to control the file system path argument to removeItemAtURL:error:() at GTMSessionUploadFetcher.m line 1565, which allows them to access or modify otherwise protected files.Attackers are able to control the file system path argument which allows them to access or modify otherwise protected files.

Reported by fortify on demand

Dup of #171