[
https://issues.apache.org/jira/browse/ARIES-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16976361#comment-16976361
]
ASF subversion and git services commented on ARIES-1934:
--------------------------------------------------------
Commit 9ef209c8d5cc684261efb3e18a5cf961f4ab2f00 in aries's branch
refs/heads/trunk from Christian Schneider
[ https://gitbox.apache.org/repos/asf?p=aries.git;h=9ef209c ]
Merge pull request #102 from coheigea/ARIES-1934
ARIES-1934 - Make sure jar/zip files are jailed to the destination di…
> Make sure jar/zip files are jailed to the destination directory
> ---------------------------------------------------------------
>
> Key: ARIES-1934
> URL: https://issues.apache.org/jira/browse/ARIES-1934
> Project: Aries
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Christian Schneider
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> There are a number of locations in Aries where we unzip a jar or zip file to
> the filesystem, without checking that the all of the files are jailed to the
> intended destination directory. This is a potential security issue as it
> allows an attacked to overwrite files on the system outside of the intended
> directory.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
