[ https://issues.apache.org/jira/browse/QPID-8600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608648#comment-17608648 ]
ASF subversion and git services commented on QPID-8600: ------------------------------------------------------- Commit 1f93cf1382839f7304d81c3848b4da6ef6c75020 in qpid-broker-j's branch refs/heads/main from Daniil Kirilyuk [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=1f93cf1382 ] QPID-8600: [Broker-J] File path validation in management-http plugin (#140) * QPID-8600: [Broker-J] File path validation in management-http plugin * QPID-8600: [Broker-J] Restored new line to end of file Co-authored-by: vavrtom <vavricka.to...@gmail.com> > [Broker-J] File path validation in management-http plugin > --------------------------------------------------------- > > Key: QPID-8600 > URL: https://issues.apache.org/jira/browse/QPID-8600 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Affects Versions: qpid-java-broker-8.0.6 > Reporter: Daniil Kirilyuk > Priority: Minor > > HTTP management plugin initiates a network connection in classes FileServlet > to a third-party system using user-controlled data for resource URI. This > vulnerability may be leveraged to send a request on behalf of the web server > since the request will originate from the web server's internal IP address. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org