[ https://issues.apache.org/jira/browse/IO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arkadeep Kundu updated IO-461:
------------------------------
Description:
Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
We performed a Veracode scan for DFS 6.7SP1 and the scan reported that code in
commons-io-1.2.jar - FileSystemUtils.java:357 (no further details) is POSSIBLY
vulnerable to OS command injection attacks.
Need update on this from Apache side.
Is it really vulnerable? If yes, is it fixed in some future version?
was:
Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
We performed a Veracode scan for DFS 6.7SP1 and the scan reported that code in
commons-io-1.2.jar - FileSystemUtils.java:357 (no further details) is POSSIBLY
vulnerable.
Need update on this from Apache side.
Is it really vulnerable? If yes, is it fixed in some future version?
> Veracode scan detected OS command injection vulnerability in
> commons-io-1.2.jar - FileSystemUtils.java:357
> ----------------------------------------------------------------------------------------------------------
>
> Key: IO-461
> URL: https://issues.apache.org/jira/browse/IO-461
> Project: Commons IO
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Arkadeep Kundu
>
> Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
> We performed a Veracode scan for DFS 6.7SP1 and the scan reported that code in
> commons-io-1.2.jar - FileSystemUtils.java:357 (no further details) is
> POSSIBLY vulnerable to OS command injection attacks.
> Need update on this from Apache side.
> Is it really vulnerable? If yes, is it fixed in some future version?