commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joerg Schaible (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (IO-508) Veracode static scan still shows 1 very high OS Command injection in commons-io-2.4.jar
Date Mon, 09 May 2016 07:19:12 GMT

     [ https://issues.apache.org/jira/browse/IO-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Joerg Schaible resolved IO-508.
-------------------------------
    Resolution: Won't Fix
      Assignee: Joerg Schaible

There is nothing to fix. This is a utility function and, yes, if an application uses it incorrectly
it might be used for a malfunction, but it is in the responsibility of the application to
guard the call.

> Veracode static  scan still shows 1 very high OS Command injection in commons-io-2.4.jar
> ----------------------------------------------------------------------------------------
>
>                 Key: IO-508
>                 URL: https://issues.apache.org/jira/browse/IO-508
>             Project: Commons IO
>          Issue Type: Bug
>    Affects Versions: 2.4
>         Environment: Windows
>            Reporter: I-Min Mau
>            Assignee: Joerg Schaible
>
> I cloned IO-474 because we specifically upgraded the commons-io jar in our application
recently to 2.4 jar and still sees, in the Veracode static scan result this one instance:
 17561 189 - commons-io-2.4.jar org/.../io/FileSystemUtils.java 535 4/23/16
> Since this is going to be visible on our security reports including to potential customers,
please help us at least remediate or otherwise fix in a higher version.  Thanks!  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message