Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4136

Demonstrate proper input sanitizing for file download showcase example

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.3.15
    • 2.3.15.1, 2.3.16
    • Example Applications
    • None

    Description

      inputPath parameter of FileDownloadAction is not sanitized to avoid accessing WEB-INF directory.

      Originally reported by Takayoshi isayama of Mitsui Bussan Secure Directions, Inc..

      Attachments

        Activity

          People

            rgielen René Gielen
            rgielen René Gielen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: