Closed
Description
Data in the form test.Enviro will cause rule 930120 to be triggered. This is because the @pmFromFile operator is not case sensitive, and the .env entry in lfi-os-files.data does not have word boundaries.
How to reproduce the misbehavior (-> curl call)
curl --request POST \
--url https://sandbox.coreruleset.org/ \
--header 'Content-Type: application/json' \
--data '{
"key": "test.Enviro"
}'
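To make the false positive concrete, here is an added illustration (not code from the issue or from CRS) that models the two properties named above: @pmFromFile matches phrases case-insensitively as plain substrings with no word boundary, so the `.env` entry hits inside `test.Enviro`. The phrase list, the JSON body and the boundary-aware variant are all constructed for this example; `boundary_match` is one possible stricter check, not a CRS rule.

```python
import json
import re

# Constructed phrase list in the style of lfi-os-files.data.
# Only the ".env" entry comes from the issue; the other entries are made up here.
PHRASES = [".env", ".htaccess", "/etc/passwd"]

def pm_from_file(value: str, phrases=PHRASES) -> list[str]:
    """Model of @pmFromFile: case-insensitive substring search for every
    phrase, anywhere in the input, with no word-boundary requirement."""
    lowered = value.lower()
    return [p for p in phrases if p.lower() in lowered]

def boundary_match(value: str, phrases=PHRASES) -> list[str]:
    """Illustrative stricter variant (not a CRS rule): the phrase must not be
    followed by a character that would continue a filename token, so
    ".env", "/.ENV" and ".env.local" still hit but "test.Enviro" does not."""
    hits = []
    for p in phrases:
        pattern = re.escape(p) + r"(?![A-Za-z0-9_-])"
        if re.search(pattern, value, re.IGNORECASE):
            hits.append(p)
    return hits

def inspect_json_body(body: str, matcher=pm_from_file) -> dict[str, list[str]]:
    """Run a matcher over every string value of a JSON request body, modelling
    how the argument from the issue's POST ends up being inspected.
    Returns {argument name: [matched phrases]} for arguments that matched."""
    findings = {}
    for key, value in json.loads(body).items():
        if isinstance(value, str):
            hits = matcher(value)
            if hits:
                findings[key] = hits
    return findings

if __name__ == "__main__":
    # Constructed body with the same shape as the issue's reproduction request.
    body = '{"key": "test.Enviro"}'
    print("pmFromFile model :", inspect_json_body(body))                  # {'key': ['.env']}
    print("boundary variant :", inspect_json_body(body, boundary_match))  # {}
```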
Logs
See logs from the sandbox call above.
Your Environment
- CRS version (e.g., v3.3.4): v4.4.0
- Paranoia level setting (e.g. PL1) : PL1
- ModSecurity version (e.g., 2.9.6): v3.0.12
- Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): nginx v1.26.1
- Operating System and version: Ubuntu 20 LTS
Confirmation
[x] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.