Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.3.15
-
None
Description
inputPath parameter of FileDownloadAction is not sanitized to avoid accessing WEB-INF directory.
Originally reported by Takayoshi isayama of Mitsui Bussan Secure Directions, Inc..