Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users
High
Slack
Team Summary
Official summary from Slack
An issue in Slack's Create snippet feature results in filetypes being displayed incorrectly. This can lead to RCE if a Slack user downloads an executable file thinking that it is a CSV or other benign file type.
Reported by: padillac
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $1500.00
Weakness: Unrestricted Upload of File with Dangerous Type