commons-issues mailing list archives

From "Joerg Schaible (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IO-461) Veracode scan detected OS command injection vulnerability in commons-io-1.2.jar - FileSystemUtils.java:357
Date Mon, 01 Dec 2014 11:12:12 GMT

    [ https://issues.apache.org/jira/browse/IO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14229663#comment-14229663 ]

Joerg Schaible commented on IO-461:
-----------------------------------

Why do you expect any reaction, if you report probable vulnerabilities for ancient versions
of this component? Version 1.2 was released 8 years ago. So please do us all a favor and run
your tests against a current release and report back, if you found something there.

> Veracode scan detected OS command injection vulnerability in commons-io-1.2.jar - FileSystemUtils.java:357
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: IO-461
>                 URL: https://issues.apache.org/jira/browse/IO-461
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 1.2
>            Reporter: Arkadeep Kundu
>
> Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
> We performed a Veracode scan for DFS 6.7SP1 and the scan reported that code in commons-io-1.2.jar
> - FileSystemUtils.java:357 (no further details) is POSSIBLY vulnerable to OS command injection
> attacks.
> Need update on this from Apache side.
> Is it really vulnerable? If yes, is it fixed in some future version?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
