You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@aries.apache.org by "Christian Schneider (Jira)" <ji...@apache.org> on 2019/11/18 08:33:00 UTC
[jira] [Resolved] (ARIES-1934) Make sure jar/zip files are jailed
to the destination directory
[ https://issues.apache.org/jira/browse/ARIES-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian Schneider resolved ARIES-1934.
----------------------------------------
Fix Version/s: spifly-1.2.4
Resolution: Fixed
> Make sure jar/zip files are jailed to the destination directory
> ---------------------------------------------------------------
>
> Key: ARIES-1934
> URL: https://issues.apache.org/jira/browse/ARIES-1934
> Project: Aries
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Christian Schneider
> Priority: Major
> Fix For: spifly-1.2.4
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> There are a number of locations in Aries where we unzip a jar or zip file to the filesystem, without checking that the all of the files are jailed to the intended destination directory. This is a potential security issue as it allows an attacked to overwrite files on the system outside of the intended directory.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)