You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by bu...@apache.org on 2006/03/07 01:18:31 UTC

DO NOT REPLY [Bug 38749] - [extras] XSS vulnerability in LookupDispatchAction

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38749>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38749


niallp@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From niallp@apache.org  2006-03-07 00:18 -------
Fixed in both the current trunk and 1.2.x branch, thanks for reporting this:

http://svn.apache.org/viewcvs.cgi?rev=383718&view=rev
http://svn.apache.org/viewcvs.cgi?rev=383720&view=rev

As well as LookupDispatchAction I also modified DispatchAction and 
ActionDispatcher which could expose the same issue when the 
NoSuchMethodException is thrown for an invalid method input through a parameter.

Closing as FIXED.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org