Overpass API developpement

Text archives Help


[overpass] Overpass v0.7.55.7 fixes vulnerability


Chronological Thread 
  • From: Roland Olbricht < >
  • To: , " " < >
  • Subject: [overpass] Overpass v0.7.55.7 fixes vulnerability
  • Date: Fri, 3 May 2019 16:55:04 +0200

Hello everybody,

a new update of Overpass API is available. As this fixes a security
issue, I strongly encourage you to install the fix right now.
The release is as usual available via
https://dev.overpass-api.de/releases/
resp.
https://dev.overpass-api.de/releases/osm-3s_v0.7.55.7.tar.gz
The public servers have already been updated.

The issue is XSS, i.e. you can place arbitrary HTML such that it appears
to originate from the Overpass server by sending a crafted request to
the server. No personal data has been leaked because Overpass servers do
not process any. No attack in the wild is known so far. Details will
follow in a couple of days.

I would like to thank the people that have reported the vulnerability.

Best regards,

Roland


  • [overpass] Overpass v0.7.55.7 fixes vulnerability, Roland Olbricht, 05/03/2019

Archive powered by MHonArc 2.6.19+.

Top of page