Executables are allowed to be uploaded through 3Scale WebUI

Solution Unverified - Updated -


Image file uploads in the 3Scale console allow executable (.exe, .dll's) files to be transferred to the server. This violates a security directive for most customers.

In the "Logo edit" portion of the webUI - uploading any file is allowed, not just expected image files (.jpg, .jpeg, .png, .gif).


  • 3scale 2.5 and previous versions
  • OpenShift 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content