Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kaltura PHP5 API Client uses curl_exec without proper validation. #579

Open
SachinT123 opened this issue Oct 8, 2020 · 1 comment
Open

Comments

@SachinT123
Copy link

Security scans indicate that the code snippet is vulnerable for XSS attack without sanitization of data for the cURL request.

KalturaClient/KalturaClientBase.php -- line 588, 643


// Set custom headers
curl_setopt($ch, CURLOPT_HTTPHEADER, $requestHeaders);

// Save response headers
curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, 'readHeader') );

$destinationResource = null;
if($this->destinationPath)
{
	$destinationResource = fopen($this->destinationPath, "wb");
	curl_setopt($ch, CURLOPT_FILE, $destinationResource);
}
else
{
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
}

$result = curl_exec($ch);

if($destinationResource)
	fclose($destinationResource);

$curlError = curl_error($ch);
curl_close($ch);
return array($result, $curlError);

@kaltura-hooks
Copy link

Hi @SachinT123,

Thank for you reporting an issue and helping improve Kaltura!

To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):

  • Is the issue you're experiencing consistent and across platforms? or does it only happens on certain conditions?
    please provide as much details as possible.
  • Which Kaltura deployment you're using: Kaltura SaaS, or self-hosted?
    If self hosted, are you using the RPM or deb install?
  • Packages installed.
    When using RPM, paste the output for:
	# rpm -qa \"kaltura*\"
For deb based systems:
	# dpkg -l \"kaltura-*\"
  • If running a self hosted ENV - provide the MySQL server version used
  • If running a self hosted ENV - is this a single all in 1 server or a cluster?
  • If running a self hosted ENV, while making the problematic request, run:
	# tail -f /opt/kaltura/log/*.log /opt/kaltura/log/batch/*.log | grep -A 1 -B 1 --color \"ERR:\|PHP\|trace\|CRIT\|\[error\]\"

and paste the output.

  • When relevant, provide any screenshots or screen recordings showing the issue you're experiencing.

For general troubleshooting see:
https://github.com/kaltura/platform-install-packages/blob/Jupiter-10.13.0/doc/kaltura-packages-faq.md#troubleshooting-help

If you only have a general question rather than a bug report, please close this issue and post at:
http://forum.kaltura.org

Thank you in advance,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants