Security issue in Fuzzy.ai API fixed

We’ve identified and corrected a content spoofing issue in the API server for Fuzzy.ai. Thanks to Nessim Jerbi for identifying and reporting this security bug, as well as recommending a fix.

Our 404 handler on the API server would echo the erroneous path in its error message. An attacker could craft a path that would inject text into the error message for other users, giving the impression that it was an official message from Fuzzy.ai.

We’re not aware of any abuse of this bug having occurred. The bug has been patched on our servers and does not require any updates to client software or SDKs.
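The 404 behaviour described above, as an added example that is not Fuzzy.ai's code: an error handler that repeats the request path next to one that returns a fixed message, plus a regression check for reflection. The function names, the JSON response shape, the URL-decoding step and the sample path are assumptions made for illustration, and the fixed-message handler is one common hardening, not necessarily the fix that was deployed.

```javascript
// Added example; handler shapes and names are hypothetical, not Fuzzy.ai's code.

// Before: the 404 body repeats the (decoded) request path verbatim, so any
// text placed in the URL appears inside the server's own error message.
function notFoundEchoing(rawPath) {
  let shown;
  try { shown = decodeURIComponent(rawPath); } catch (e) { shown = rawPath; }
  return {
    status: 404,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ status: 'error', message: `No such resource: ${shown}` })
  };
}

// After: the message is a constant; nothing from the request is reflected.
function notFoundFixed(rawPath, log = () => {}) {
  // Operators still get the path, but only in server-side logs. JSON.stringify
  // escapes quotes and control characters so a path cannot forge log lines.
  log(`404 path=${JSON.stringify(rawPath)}`);
  return {
    status: 404,
    headers: { 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff' },
    body: JSON.stringify({ status: 'error', message: 'Not found' })
  };
}

// Regression check: append a unique marker to the path and report whether
// the handler's response body contains it.
function reflectsPath(handler, rawPath) {
  const marker = 'zz-reflection-probe-zz';
  return handler(`${rawPath}/${marker}`).body.includes(marker);
}

// Constructed sample path (not taken from the report).
const SAMPLE_PATH = '/NOTICE:%20this%20sentence%20came%20from%20the%20URL';

console.log('echoing handler reflects path:', reflectsPath(notFoundEchoing, SAMPLE_PATH));
console.log('fixed handler reflects path:  ', reflectsPath(notFoundFixed, SAMPLE_PATH));
```

Running `reflectsPath` against every error handler in a test suite catches the same class of bug in 400 and 500 responses, which often share the echoing pattern.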
