You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Jorge Solórzano (Jira)" <ji...@apache.org> on 2022/01/18 14:05:00 UTC
[jira] [Updated] (MWRAPPER-51) Refactor using Java Path API (NIO.2)
[ https://issues.apache.org/jira/browse/MWRAPPER-51?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jorge Solórzano updated MWRAPPER-51:
------------------------------------
Summary: Refactor using Java Path API (NIO.2) (was: Improve MavenWrapperDownloader.java using Java Path API (NIO.2))
> Refactor using Java Path API (NIO.2)
> ------------------------------------
>
> Key: MWRAPPER-51
> URL: https://issues.apache.org/jira/browse/MWRAPPER-51
> Project: Maven Wrapper
> Issue Type: Improvement
> Components: Maven Wrapper Scripts
> Affects Versions: 3.1.0
> Reporter: Jorge Solórzano
> Priority: Normal
>
> MavenWrapperDownloader.java could be improved by using the Java Path API (NIO.2) available since Java 7 and also include some checks in paths.
> Also, Snyk reports a potential vulnerability of Unsanitized input from a command-line argument flows into java.io.File* where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read/write arbitrary files.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)