commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (IO-461) Veracode scan detected OS command injection vulnerability in commons-io-1.2.jar - FileSystemUtils.java:357
Date Mon, 01 Dec 2014 17:24:12 GMT

     [ https://issues.apache.org/jira/browse/IO-461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sebb resolved IO-461.
---------------------
    Resolution: Not a Problem

Agreed.

If the tool shows a problem with the current version of IO (2.4) then please re-open the issue
with sufficient details to be able to investigate it.

> Veracode scan detected OS command injection vulnerability in commons-io-1.2.jar - FileSystemUtils.java:357
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: IO-461
>                 URL: https://issues.apache.org/jira/browse/IO-461
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 1.2
>            Reporter: Arkadeep Kundu
>
> Commons IO is embedded in EMC Corporation's DFS 6.7SP1.
> We performed Veracode scan for DFS 6.7SP1 and scan reported that code in commons-io-1.2.jar
- FileSystemUtils.java:357 (no further details) is POSSIBLY vulnerable for OS command injection
attacks.
> Need update on this from Apache side.
> It it really vulnerable? if yes, is it fixed in some future version?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message