[jira] Updated: (HADOOP-2627) the map task output servlet doesn't protect against ".." attacks

Robert Chansler (JIRA) Mon, 24 Mar 2008 20:07:16 -0700

     [ 
https://issues.apache.org/jira/browse/HADOOP-2627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Chansler updated HADOOP-2627:
------------------------------------

    Fix Version/s:     (was: 0.17.0)

> the map task output servlet doesn't protect against ".." attacks
> ----------------------------------------------------------------
>
>                 Key: HADOOP-2627
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2627
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: mapred
>            Reporter: Owen O'Malley
>
> The servlet we use to export the map outputs doesn't protect itself against 
> ".." attacks. However, because the code adds a /file.out.index and /file.out 
> to it, it can only be used to read files with those names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (HADOOP-2627) the map task output servlet doesn't protect against ".." attacks

Reply via email to