Posted to issues@commons.apache.org by "Bernd Eckenfels (JIRA)" <ji...@apache.org> on 2015/04/03 18:35:52 UTC

[jira] [Closed] (IO-474) veracode scan points cross site scripting vulnerability at org/.../commons/io/FileUtils.java 2095.

     [ https://issues.apache.org/jira/browse/IO-474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bernd Eckenfels closed IO-474.
------------------------------
    Resolution: Invalid

This is a FileUtility which allows writing bytes to a file. This can certainly be used wrongly in some conditions, but there is no inherent security issue in this place. Especially not related to XSS (as you would not use it for web pages anyway).

Besides that, it would be good to do some research before dumping all those Veracode false positives into the Apache bug tracker :-/

>  veracode scan points cross site scripting vulnerability at org/.../commons/io/FileUtils.java 2095. 
> ----------------------------------------------------------------------------------------------------
>
>                 Key: IO-474
>                 URL: https://issues.apache.org/jira/browse/IO-474
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 2.4
>         Environment: Linux
>            Reporter: Ananth 
>
> We use commons-io-2.4.jar. Recently our Veracode scan points to a cross-site scripting vulnerability at org/.../commons/io/FileUtils.java 2095. Do we have a recent version that addresses this issue?


