This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new d6251d1cfb Fix CVE-2022-34305 XSS in the examples web application d6251d1cfb is described below commit d6251d1cfb683f1bdd00ed022ac8e9b9a7e7792c Author: Mark Thomas <ma...@apache.org> AuthorDate: Thu Jun 23 10:26:41 2022 +0100 Fix CVE-2022-34305 XSS in the examples web application The session attributes are the primary concern but filter the Principal attributes as well to be on the safe side. --- webapps/docs/changelog.xml | 4 ++++ webapps/examples/jsp/security/protected/index.jsp | 11 +++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 188137419b..e8e5a1bac8 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -169,6 +169,10 @@ Documentation. <bug>62245</bug>: Include <code>contextXsltFile</code> when discussing options for configuring directory listings. (markt) </fix> + <fix> + Examples. Fix CVE-2022-34305, a low severity XSS vulnerability in the + Form authentication example. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> diff --git a/webapps/examples/jsp/security/protected/index.jsp b/webapps/examples/jsp/security/protected/index.jsp index 75ac4bcc66..09c23e7219 100644 --- a/webapps/examples/jsp/security/protected/index.jsp +++ b/webapps/examples/jsp/security/protected/index.jsp @@ -107,7 +107,11 @@ enter it here: } type = type.replaceFirst("^java\\.lang\\.", ""); %> -<tr><td><%= name %></td><td><%= value %></td><td><%= type %></td> +<tr> + <td><%= util.HTMLFilter.filter(name) %></td> + <td><%= util.HTMLFilter.filter(String.valueOf(value)) %></td> + <td><%= util.HTMLFilter.filter(type) %></td> +</tr> <% } %> @@ -139,7 +143,10 @@ To add some data to the authenticated session, enter it here: while (names.hasMoreElements()) { String name = names.nextElement(); %> -<tr><td><%= name %></td><td><%= session.getAttribute(name) %></td> +<tr> + <td><%= util.HTMLFilter.filter(name) %></td> + <td><%= util.HTMLFilter.filter(String.valueOf(session.getAttribute(name))) %></td> +</tr> <% } %> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org