[
https://issues.apache.org/jira/browse/IO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14229663#comment-14229663
]
Joerg Schaible commented on IO-461:
-----------------------------------
Why do you expect any reaction, if you report probable vulnerabilities for
ancient versions of this component? Version 1.2 was released 8 years ago. So
please do us all a favor and run your tests against a current release and
report back, if you found something there.
> Veracode scan detected OS command injection vulnerability in
> commons-io-1.2.jar - FileSystemUtils.java:357
> ----------------------------------------------------------------------------------------------------------
>
> Key: IO-461
> URL: https://issues.apache.org/jira/browse/IO-461
> Project: Commons IO
> Issue Type: Bug
> Affects Versions: 1.2
> Reporter: Arkadeep Kundu
>
> Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
> We performed Veracode scan for DFS 6.7SP1 and scan reported that code in
> commons-io-1.2.jar - FileSystemUtils.java:357 (no further details) is
> POSSIBLY vulnerable for OS command injection attacks.
> Need update on this from Apache side.
> It it really vulnerable? if yes, is it fixed in some future version?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
