Headline
CVE-2023-46723: If you use sendto.txt, the user who knows the IMEI can read the sendto.txt and the URL and the API key in the sendto.txt.
lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt
are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using sendto.txt
or use .htaccess
to block access to sendto.txt
.
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
- Pricing
Search code, repositories, users, issues, pull requests…
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up