rclone data exflitration / unauthorized API use

[oss-security-list () contactdaniel net]

Due to it's reliance on vulnerable upstream vendor SDKs & APIs, all 
current versions of 'rclone' are subject to a variety of attacks.

This vulnerability is an instance of a class of security vulnerabilities 
that affect a wide variety of software. Any API which has clients 
perform actions on arbitrary URLs chosen by the API server will lead to 
this class of attack becoming a concern.

Current Google Cloud Storage SDKs/APIs, Backblaze B2 APIs, and Yandex 
Disk APIs are affected.

No CVE is presently assigned.

Further details at: 
https://www.danieldent.com/blog/restless-vulnerability-non-browser-cross-domain-http-request-attacks/

--
Daniel Dent
https://www.danieldent.com/