Posted to user@commons.apache.org by Thusitha Thilina Dayaratne <th...@gmail.com> on 2016/08/16 04:30:31 UTC

Is Commons File Upload FileItem.getName() Vulnerable to "Tainted filename read"?

Hi,

I ran a Find Security Bugs scan on one of my projects, which uses
commons-fileupload. The tool reports that the code segment below is suspicious
for Tainted filename read.

String fileName = item.getName();

Could someone tell me whether there is protection against that in the
commons-fileupload implementation itself? Or do users have to manually check
and validate the file name?

Thanks
Thusitha
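
The value returned by item.getName() is the file name as the client sent it, so a scanner treats it as tainted wherever it reaches a file path. The following is an added example, not part of the original post and not Commons FileUpload code, showing one way to validate such a name before use; the class UploadNameCheck, the method resolveUpload, the "uploads" directory and the allow-list pattern are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

// Hypothetical helper (not part of Commons FileUpload): treats the value
// returned by item.getName() as untrusted client input.
public class UploadNameCheck {
    // Conservative allow-list: letters, digits, dot, dash, underscore; no leading dot.
    private static final Pattern SAFE =
            Pattern.compile("[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}");

    /** Returns a path inside uploadDir for the client-supplied name, or throws. */
    static Path resolveUpload(Path uploadDir, String clientName) throws IOException {
        if (clientName == null) {
            throw new IOException("missing file name");
        }
        // Some clients send a full path; keep only the last segment, for both separators.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(cut + 1);
        // Rejects "..", hidden files, NUL bytes and anything outside the allow-list.
        if (!SAFE.matcher(base).matches()) {
            throw new IOException("rejected file name");
        }
        Path root = uploadDir.toAbsolutePath().normalize();
        Path target = root.resolve(base).normalize();
        // Defence in depth: the resolved path must still be under the upload directory.
        if (!target.startsWith(root) || target.equals(root)) {
            throw new IOException("file name escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("uploads"); // assumed upload directory
        // Constructed sample inputs, as a client could send them in the filename field.
        String[] samples = { "report.pdf", "C:\\Users\\me\\photo.jpg",
                             "../../etc/passwd", "..", "a\u0000.jsp" };
        for (String s : samples) {
            try {
                System.out.println(resolveUpload(dir, s));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Here "../../etc/passwd" is reduced to "passwd" and stored under the upload directory, while ".." and the name containing a NUL byte are rejected.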