aries-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (Jira)" <j...@apache.org>
Subject [jira] [Commented] (ARIES-1934) Make sure jar/zip files are jailed to the destination directory
Date Mon, 18 Nov 2019 08:33:00 GMT

    [ https://issues.apache.org/jira/browse/ARIES-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976360#comment-16976360
] 

ASF subversion and git services commented on ARIES-1934:
--------------------------------------------------------

Commit e8477faa3f37b7b1cab61e634137224552978f80 in aries's branch refs/heads/trunk from Colm
O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=aries.git;h=e8477fa ]

ARIES-1934 - Make sure jar/zip files are jailed to the destination directory


> Make sure jar/zip files are jailed to the destination directory
> ---------------------------------------------------------------
>
>                 Key: ARIES-1934
>                 URL: https://issues.apache.org/jira/browse/ARIES-1934
>             Project: Aries
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Christian Schneider
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There are a number of locations in Aries where we unzip a jar or zip file to the filesystem,
without checking that the all of the files are jailed to the intended destination directory.
This is a potential security issue as it allows an attacked to overwrite files on the system
outside of the intended directory.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message