[JCR-2953] PathParser accepts illegal paths containing curly brackets - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.5, 2.1.5, 2.2.7
Component/s: jackrabbit-spi-commons
Labels:
None

Description

o.a.jackrabbit.spi.commons.conversion.PathParser accepts the following path:

"/public/.

{.}

/private"

the normalized resulting Path object represents "/private"

that's a potential security risk.

Attachments

Activity

People

Assignee:: Angela Schreiber

Reporter:: Stefan Guggisberg

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/May/11 12:07

Updated:: 23/Sep/11 14:26

Resolved:: 17/May/11 07:04