[
https://issues.apache.org/jira/browse/IO-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
I-Min Mau updated IO-508:
-------------------------
Description:
I cloned IO-474 because we specifically upgraded the commons-io jar in our
application recently to 2.4 jar and still sees, in the Veracode static scan
result this one instance: 17561 189 - commons-io-2.4.jar
org/.../io/FileSystemUtils.java 535 4/23/16
Since this is going to be visible on our security reports including to
potential customers, please help us at least remediate or otherwise fix in a
higher version. Thanks!
was:We use commons-io-2.4.jar. Recently our veracode scan points cross site
scripting vulnerability at org/.../commons/io/FileUtils.java 2095. Do we have a
recent version that addresses this issue
> Veracode static scan still shows 1 very high OS Command injection in
> commons-io-2.4.jar
> ----------------------------------------------------------------------------------------
>
> Key: IO-508
> URL: https://issues.apache.org/jira/browse/IO-508
> Project: Commons IO
> Issue Type: Bug
> Affects Versions: 2.4
> Environment: Linux
> Reporter: I-Min Mau
>
> I cloned IO-474 because we specifically upgraded the commons-io jar in our
> application recently to 2.4 jar and still sees, in the Veracode static scan
> result this one instance: 17561 189 - commons-io-2.4.jar
> org/.../io/FileSystemUtils.java 535 4/23/16
> Since this is going to be visible on our security reports including to
> potential customers, please help us at least remediate or otherwise fix in a
> higher version. Thanks!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
