[jira] [Resolved] (FELIX-6189) Make sure jar/zip files are jailed to the destination directory

Carsten Ziegeler (Jira) Sun, 13 Apr 2025 02:02:27 -0700


     [ 
https://issues.apache.org/jira/browse/FELIX-6189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Carsten Ziegeler resolved FELIX-6189.
-------------------------------------
    Resolution: Won't Fix

Five years without activity, therefore closing this issue

> Make sure jar/zip files are jailed to the destination directory
> ---------------------------------------------------------------
>
>                 Key: FELIX-6189
>                 URL: https://issues.apache.org/jira/browse/FELIX-6189
>             Project: Felix
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Priority: Major
>
> There are a number of locations in Felix where we unzip a jar or zip file to 
> the filesystem, without checking that the all of the files are jailed to the 
> intended destination directory. This is a potential security issue as it 
> allows an attacked to overwrite files on the system outside of the intended 
> directory.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (FELIX-6189) Make sure jar/zip files are jailed to the destination directory

Reply via email to