commons-issues mailing list archives

From "Arkadeep Kundu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (IO-461) Veracode scan detected OS command injection vulnerability in commons-io-1.2.jar - FileSystemUtils.java:357
Date Mon, 01 Dec 2014 10:17:12 GMT

     [ https://issues.apache.org/jira/browse/IO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arkadeep Kundu updated IO-461:
------------------------------
    Description: 
Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
We performed a Veracode scan for DFS 6.7SP1, and the scan reported that code in commons-io-1.2.jar
- FileSystemUtils.java:357 (no further details) is POSSIBLY vulnerable to OS command injection
attacks.

Need an update on this from the Apache side.
Is it really vulnerable? If yes, is it fixed in some future version?

  was:
Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
We performed a Veracode scan for DFS 6.7SP1, and the scan reported that code in commons-io-1.2.jar
- FileSystemUtils.java:357 (no further details) is POSSIBLY vulnerable.

Need an update on this from the Apache side.
Is it really vulnerable? If yes, is it fixed in some future version?


> Veracode scan detected OS command injection vulnerability in commons-io-1.2.jar - FileSystemUtils.java:357
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: IO-461
>                 URL: https://issues.apache.org/jira/browse/IO-461
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 1.2
>            Reporter: Arkadeep Kundu
>
> Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
> We performed a Veracode scan for DFS 6.7SP1, and the scan reported that code in commons-io-1.2.jar
> - FileSystemUtils.java:357 (no further details) is POSSIBLY vulnerable to OS command injection
> attacks.
> Need an update on this from the Apache side.
> Is it really vulnerable? If yes, is it fixed in some future version?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
