You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "sergej m (JIRA)" <ji...@apache.org> on 2015/06/19 11:32:00 UTC
[jira] [Updated] (WICKET-5927) Velocity Remote Code Exception
[ https://issues.apache.org/jira/browse/WICKET-5927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
sergej m updated WICKET-5927:
-----------------------------
Description:
Hello,
code can be possibly executed, using e.g java.lang.Runtime.exec(String command) on wicket site.
http://www.wicket-library.com/wicket-examples/velocity/wicket/bookmarkable/org.apache.wicket.examples.velocity.TemplatePage?3
The server should use a secure config in org/apache/velocity/runtime/defaults/velocity.properties:
runtime.introspector.uberspect=org.apache.velocity.util.introspection.SecureUberspector
regards
Sergej Michel
was:
Hello,
code can be possibly executed, using e.g java.lang.Runtime.exec(String command) on wicket site.
http://www.wicket-library.com/wicket-examples/velocity/wicket/bookmarkable/org.apache.wicket.examples.velocity.TemplatePage?3
regards
Sergej Michel
> Velocity Remote Code Exception
> ------------------------------
>
> Key: WICKET-5927
> URL: https://issues.apache.org/jira/browse/WICKET-5927
> Project: Wicket
> Issue Type: Bug
> Components: site
> Reporter: sergej m
>
> Hello,
> code can be possibly executed, using e.g java.lang.Runtime.exec(String command) on wicket site.
> http://www.wicket-library.com/wicket-examples/velocity/wicket/bookmarkable/org.apache.wicket.examples.velocity.TemplatePage?3
> The server should use a secure config in org/apache/velocity/runtime/defaults/velocity.properties:
> runtime.introspector.uberspect=org.apache.velocity.util.introspection.SecureUberspector
> regards
> Sergej Michel
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)