Details
Bug
Status: Resolved
Major
Resolution: Won't Fix
4.0.3
None
None
None
Description
HP Fortify SCA and SciTools Understand were used to perform an application security analysis of the Karaf source code.
The method find() in GogoParser.java mishandles confidential information, which can compromise user privacy and is often illegal.
File: shell/core/src/main/java/org/apache/karaf/shell/support/parsing/GogoParser.java
Line: 332
GogoParser.java, lines 329-333:
329 while (level != 0) {
330 if (eof())