hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Chansler (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-2627) the map task output servlet doesn't protect against ".." attacks
Date Tue, 25 Mar 2008 03:03:26 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-2627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Chansler updated HADOOP-2627:
------------------------------------

    Fix Version/s:     (was: 0.17.0)

> the map task output servlet doesn't protect against ".." attacks
> ----------------------------------------------------------------
>
>                 Key: HADOOP-2627
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2627
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: mapred
>            Reporter: Owen O'Malley
>
> The servlet we use to export the map outputs doesn't protect itself against ".." attacks.
However, because the code adds a /file.out.index and /file.out to it, it can only be used
to read files with those names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message