dxbjavid opened a new pull request, #745:
URL: https://github.com/apache/commons-text/pull/745
PathFence.apply() calls path.normalize().toAbsolutePath(), so leading ..
segments survive normalize() and toAbsolutePath() then prepends the working
directory. The component-wise startsWith(root) check matches the prefix even
though the real path escapes the fence, e.g. ${file:UTF-8:../secret} reads
outside a fence rooted at the working directory. Resolve to absolute first,
then normalize, for both the roots and the candidate path.
--
This is an automated message from the Apache Git Service.
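An added, constructed Java illustration of the ordering problem the PR describes (not the project's PathFence code; the class and method names are hypothetical). It runs the same component-wise `startsWith` check with both orderings against a fence rooted at the working directory:

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/** Constructed demo of normalize()/toAbsolutePath() ordering; not commons-text's PathFence. */
public final class FenceOrderDemo {

    /** Order from the bug report: normalize() cannot fold a leading "..", then toAbsolutePath() prepends the cwd. */
    static boolean insideFenceNormalizeFirst(Path root, Path candidate) {
        Path fence = root.normalize().toAbsolutePath();
        Path target = candidate.normalize().toAbsolutePath();
        // Component-wise prefix test: "<cwd>/../secret" still begins with the components of "<cwd>".
        return target.startsWith(fence);
    }

    /** Order proposed in the PR: absolute first, so normalize() folds ".." against the real parent directory. */
    static boolean insideFenceAbsoluteFirst(Path root, Path candidate) {
        Path fence = root.toAbsolutePath().normalize();
        Path target = candidate.toAbsolutePath().normalize();
        return target.startsWith(fence);
    }

    public static void main(String[] args) {
        Path root = Paths.get("");  // fence rooted at the working directory, as in the PR's example
        // Constructed probes: one inside the fence, two that climb out of it.
        Path[] probes = {
            Paths.get("docs/readme.txt"),
            Paths.get("../secret"),
            Paths.get("docs/../../secret")
        };
        for (Path p : probes) {
            System.out.printf("%-20s normalize-first=%-5b absolute-first=%-5b real location=%s%n",
                    p,
                    insideFenceNormalizeFirst(root, p),
                    insideFenceAbsoluteFirst(root, p),
                    p.toAbsolutePath().normalize());
        }
    }
}
```

Only the absolute-first ordering rejects the two climbing probes; the normalize-first ordering accepts all three because the prefix test sees the working directory's components before the surviving `..`.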