You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Robert Chansler (JIRA)" <ji...@apache.org> on 2008/03/25 04:03:26 UTC
[jira] Updated: (HADOOP-2627) the map task output servlet doesn't
protect against ".." attacks
[ https://issues.apache.org/jira/browse/HADOOP-2627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Chansler updated HADOOP-2627:
------------------------------------
Fix Version/s: (was: 0.17.0)
> the map task output servlet doesn't protect against ".." attacks
> ----------------------------------------------------------------
>
> Key: HADOOP-2627
> URL: https://issues.apache.org/jira/browse/HADOOP-2627
> Project: Hadoop Core
> Issue Type: Bug
> Components: mapred
> Reporter: Owen O'Malley
>
> The servlet we use to export the map outputs doesn't protect itself against ".." attacks. However, because the code adds a /file.out.index and /file.out to it, it can only be used to read files with those names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.