READ MORE A new wave of security researchers have uncovered a vulnerability in Shiny Server, the popular cloud-based application that lets users upload and share files with each other.
Researchers have uncovered the flaw in a beta version of the application that was downloaded from GitHub on Friday, The Information has reported.
The vulnerability is a critical vulnerability that allows remote code execution on the Shiny Server application, according to the researchers.
Users of Shiny Server can download and run code on their computers to make a backup copy of a file or modify a file in a way that would allow malicious code to run on the computer.
The security researchers said they discovered the flaw after they downloaded the application and noticed that the app was not being used to upload files to GitHub, the main repository of GitHub projects.
Shiny Server has been used to store files for more than 40 million users.
GitHub said it had been informed of the security vulnerability and would take appropriate steps to mitigate the risk.
“We have no further comment at this time,” a spokeswoman said in an emailed statement.
The researchers were able to download the application from GitHub by using a shellcode that was not present on the codebase.
“The Shiny server application, along with all other code stored on GitHub, was not secured against the exploit,” the researchers wrote.
“Shiny server downloads do not encrypt user data or use HTTPS.”
The researchers also said they found a flaw in how Shiny Server handles file uploads.
“Uploading a file from GitHub would not send the file to the Shiny server server, because the uploaded file would be stored in the GitHub folder instead of being in the uploader’s local filesystem,” the authors wrote.
They said the security flaw means that users could upload files that had been uploaded to Shiny Server and then upload files from other servers to the same folder without any protection against uploads from the attacker’s own GitHub account.
The exploit was initially disclosed on Tuesday.
The researchers said that although the vulnerability was not directly related to GitHub the vulnerability could have been exploited by an attacker who was using GitHub to upload a file to Shiny server.
“A malicious user could upload the files from a malicious GitHub account and then request the uploaded files from Shiny server via the GitHub client.
This attack would allow the malicious user to access sensitive data on the GitHub server without having to enter credentials,” the security researchers wrote in their blog post.”
The flaw was first disclosed in December 2015 by the security research firm CloudFlare.”
Shiny is the only cloud-enabled application that can securely store uploaded files.”
The flaw was first disclosed in December 2015 by the security research firm CloudFlare.