Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- 1.11.0, 1.12.0
Description
For example, the code `if os.path.isfile(flink_conf_path):` contains a CWE-22 problem: it calls `os.path.isfile` with the tainted value in argument 1. This constructs a path or URI using the tainted value and may thus allow an attacker to access, modify, or test the existence of critical or sensitive files.
More information about CWE-22 here: https://cwe.mitre.org/data/definitions/22.html
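The flagged pattern next to a containment check, as an added example that is not code from the Flink project or from this issue. The function names, the `trusted_root` parameter, the `flink-conf.yaml` file name and the directory layout are assumptions made for illustration.

```python
import os
import tempfile

CONF_NAME = "flink-conf.yaml"  # assumed file name, not taken from the issue


def conf_exists_unchecked(conf_dir):
    """Pattern flagged in the issue: tainted input flows straight into os.path.isfile."""
    flink_conf_path = os.path.join(conf_dir, CONF_NAME)
    return os.path.isfile(flink_conf_path)


def resolve_conf_checked(conf_dir, trusted_root):
    """Return the canonical config path only if it stays under trusted_root, else None."""
    root = os.path.realpath(trusted_root)
    # realpath collapses ".." segments and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, conf_dir, CONF_NAME))
    if os.path.commonpath([root, candidate]) != root:
        return None  # left the trusted root (traversal, absolute path or symlink)
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory layout and compare both functions on it."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = os.path.join(tmp, "deploy")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(trusted, "conf"))
        os.makedirs(outside)
        for d in (os.path.join(trusted, "conf"), outside):
            with open(os.path.join(d, CONF_NAME), "w") as fh:
                fh.write("# constructed sample\n")
        tainted = os.path.join("..", "outside")  # constructed tainted value
        return {
            "unchecked_outside": conf_exists_unchecked(os.path.join(trusted, tainted)),
            "checked_inside": resolve_conf_checked("conf", trusted) is not None,
            "checked_traversal": resolve_conf_checked(tainted, trusted),
            "checked_absolute": resolve_conf_checked(outside, trusted),
        }


if __name__ == "__main__":
    print(demo())
```

The check compares canonical paths, so a value that is absolute or that reaches outside the root through a symlink is rejected the same way as one containing `..`.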