You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Joerg Schaible (JIRA)" <ji...@apache.org> on 2016/05/09 07:19:12 UTC
[jira] [Resolved] (IO-508) Veracode static scan still shows 1 very
high OS Command injection in commons-io-2.4.jar
[ https://issues.apache.org/jira/browse/IO-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joerg Schaible resolved IO-508.
-------------------------------
Resolution: Won't Fix
Assignee: Joerg Schaible
There is nothing to fix. This is a utility function and, yes, if an application uses it incorrectly it might be used for a malfunction, but it is in the responsibility of the application to guard the call.
> Veracode static scan still shows 1 very high OS Command injection in commons-io-2.4.jar
> ----------------------------------------------------------------------------------------
>
> Key: IO-508
> URL: https://issues.apache.org/jira/browse/IO-508
> Project: Commons IO
> Issue Type: Bug
> Affects Versions: 2.4
> Environment: Windows
> Reporter: I-Min Mau
> Assignee: Joerg Schaible
>
> I cloned IO-474 because we specifically upgraded the commons-io jar in our application recently to 2.4 jar and still sees, in the Veracode static scan result this one instance: 17561 189 - commons-io-2.4.jar org/.../io/FileSystemUtils.java 535 4/23/16
> Since this is going to be visible on our security reports including to potential customers, please help us at least remediate or otherwise fix in a higher version. Thanks!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)