You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Nazerke Seidan (Jira)" <ji...@apache.org> on 2020/09/30 09:24:00 UTC
[jira] [Created] (SOLR-14905) Update commons-io version to 2.8.0
due to security vulnerability
Nazerke Seidan created SOLR-14905:
-------------------------------------
Summary: Update commons-io version to 2.8.0 due to security vulnerability
Key: SOLR-14905
URL: https://issues.apache.org/jira/browse/SOLR-14905
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Affects Versions: 8.6.2
Reporter: Nazerke Seidan
The {{commons-io}} (version 2.6) package is vulnerable to Path Traversal. The {{getPrefixLength}} method in {{FilenameUtils.class}} improperly verifies the hostname value received from user input before processing client requests.
The issue has been fixed in 2.7 onward:
(https://issues.apache.org/jira/browse/IO-556, https://issues.apache.org/jira/browse/IO-559)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org