You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Robert Chansler (JIRA)" <ji...@apache.org> on 2008/03/25 04:03:26 UTC

[jira] Updated: (HADOOP-2627) the map task output servlet doesn't protect against ".." attacks

     [ https://issues.apache.org/jira/browse/HADOOP-2627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Chansler updated HADOOP-2627:
------------------------------------

    Fix Version/s:     (was: 0.17.0)

> the map task output servlet doesn't protect against ".." attacks
> ----------------------------------------------------------------
>
>                 Key: HADOOP-2627
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2627
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: mapred
>            Reporter: Owen O'Malley
>
> The servlet we use to export the map outputs doesn't protect itself against ".." attacks. However, because the code adds a /file.out.index and /file.out to it, it can only be used to read files with those names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.