[OSM-dev] Overpass v0.7.55.7 fixes vulnerability
roland.olbricht at gmx.de
Fri May 3 14:55:04 UTC 2019
a new update of Overpass API is available. As this fixes a security
issue, I strongly encourage you to install the fix right now.
The release is as usual available via
The public servers have already been updated.
The issue is XSS, i.e. you can place arbitrary HTML such that it appears
to originate from the Overpass server by sending a crafted request to
the server. No personal data has been leaked because Overpass servers do
not process any. No attack in the wild is known so far. Details will
follow in a couple of days.
I would like to thank the people that have reported the vulnerability.
More information about the dev