Uploaded image for project: 'Commons IO'
  1. Commons IO
  2. IO-484

FilenameUtils should handle embedded null bytes

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.4
    • 2.5
    • Utilities
    • None

    Description

      embedding nulls in filenames exposes injection vectors if the application passes unsanitized data to some functions in FileNameUtils

      Attachments

        Activity

          People

            krosenvold Kristian Rosenvold
            krosenvold Kristian Rosenvold
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h 40m
                1h 40m