commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benedikt Ritter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IO-474) veracode scan points cross site scripting vulnerability at org/.../commons/io/FileUtils.java 2095.
Date Fri, 03 Apr 2015 10:30:52 GMT

    [ https://issues.apache.org/jira/browse/IO-474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14394285#comment-14394285
] 

Benedikt Ritter commented on IO-474:
------------------------------------

Please provide some more information. What exactly is the problem? How can an attacker exploit
Commons IO for an attack. Can you provide a test showing the problem?

>  veracode scan points cross site scripting vulnerability at org/.../commons/io/FileUtils.java
2095. 
> ----------------------------------------------------------------------------------------------------
>
>                 Key: IO-474
>                 URL: https://issues.apache.org/jira/browse/IO-474
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 2.4
>         Environment: Linux
>            Reporter: Ananth 
>
> We use commons-io-2.4.jar. Recently our veracode scan points cross site scripting vulnerability
at org/.../commons/io/FileUtils.java 2095. Do we have a recent version that addresses this
issue



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message