-
|
Hi Community, does the critical CVE also affect the v2.x? Since the PluginManager came after version 3.x. |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 1 reply
-
|
As far as I know nobody used to check it in unsupported version. There is minimal reproduction in GHSA-7pxc-h3rv-r257, you may try yourself. PS. Using FB2 without good firewall protection is anyway bad idea. And if you have well-tuned protection bug becomes not so critical? |
Beta Was this translation helpful? Give feedback.
-
|
IIRC, there are no external routines in v2.x. |
Beta Was this translation helpful? Give feedback.
-
|
Although Firebird 2.x doesn't have external routines, UDF have a similar flaw. That said, Firebird 2.5 has been end-of-life since June 2019: if you care about security, it is high time you upgrade. |
Beta Was this translation helpful? Give feedback.
This comment has been hidden.
This comment has been hidden.
-
|
For UDFs this is well-known issue which was fixed decades ago -- |
Beta Was this translation helpful? Give feedback.
-
|
Besides, UDF handling code normalize path instead of simple concatenation. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks guys, it helped a lot. |
Beta Was this translation helpful? Give feedback.
IIRC, there are no external routines in v2.x.