Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- None
Description
Line 324 of ProfileServlet.java is prone to arbitrary file download:

    protected void doGetDownload(String fileName, final HttpServletRequest req, final HttpServletResponse resp)
        throws IOException {
      File requestedFile = ProfileServlet.OUTPUT_DIR.resolve(fileName).toAbsolutePath().toFile();

The String fileName is used directly as the requested file. The method is called at line 180 with the value from the HTTP request passed in directly:

    if (req.getParameter("file") != null) {
      doGetDownload(req.getParameter("file"), req, resp);
      return;
    }
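An added example, not code from the report or from the project's fix: the resolution quoted above next to a bounded version that normalizes the result and requires it to stay under the output directory. The class and method names, the temp-directory value of `OUTPUT_DIR`, and the sample parameter values are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeDownloadPath {
    // Assumed stand-in for ProfileServlet.OUTPUT_DIR; the real value is not shown in the report.
    static final Path OUTPUT_DIR = Paths.get(System.getProperty("java.io.tmpdir"), "prof-output");

    /** Resolution as quoted in the report: nothing keeps the result under OUTPUT_DIR. */
    static Path resolveUnchecked(String fileName) {
        return OUTPUT_DIR.resolve(fileName).toAbsolutePath();
    }

    /** Bounded resolution: reject anything that does not land inside OUTPUT_DIR. */
    static Path resolveChecked(String fileName) throws IOException {
        Path base = OUTPUT_DIR.toAbsolutePath().normalize();
        Path candidate = base.resolve(fileName).normalize();
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IOException("file parameter does not name a file inside the output directory");
        }
        // If the file exists, also compare real paths so a symlink inside
        // OUTPUT_DIR cannot point the download somewhere else.
        if (Files.exists(candidate)
                && !candidate.toRealPath().startsWith(base.toRealPath())) {
            throw new IOException("file parameter resolves outside the output directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Files.createDirectories(OUTPUT_DIR);
        // Constructed sample values for the "file" request parameter.
        String[] samples = { "profile-1.html", "../outside.txt", "sub/../../outside.txt",
                             OUTPUT_DIR.toAbsolutePath().getRoot() + "outside.txt" };
        for (String s : samples) {
            String verdict;
            try {
                verdict = "allowed -> " + resolveChecked(s);
            } catch (IOException e) {
                verdict = "rejected (" + e.getMessage() + ")";
            }
            System.out.println(s + "\n  unchecked: " + resolveUnchecked(s).normalize()
                    + "\n  checked:   " + verdict);
        }
    }
}
```

The absolute-path sample matters because `Path.resolve` returns its argument unchanged when that argument is absolute, so a check that only strips `..` segments would still miss it.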