You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Nazerke Seidan (Jira)" <ji...@apache.org> on 2020/09/30 09:24:00 UTC

[jira] [Created] (SOLR-14905) Update commons-io version to 2.8.0 due to security vulnerability

Nazerke Seidan created SOLR-14905:
-------------------------------------

             Summary: Update commons-io version to 2.8.0 due to security vulnerability
                 Key: SOLR-14905
                 URL: https://issues.apache.org/jira/browse/SOLR-14905
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
          Components: security
    Affects Versions: 8.6.2
            Reporter: Nazerke Seidan


The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The {{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the hostname value received from user input before processing client requests.

The issue has been fixed in 2.7 onward:

(https://issues.apache.org/jira/browse/IO-556, https://issues.apache.org/jira/browse/IO-559) 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org