Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4136

Demonstrate proper input sanitizing for file download showcase example

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.15
    • Fix Version/s: 2.3.15.1, 2.3.16
    • Component/s: Example Applications
    • Labels:
      None

      Description

      inputPath parameter of FileDownloadAction is not sanitized to avoid accessing WEB-INF directory.

      Originally reported by Takayoshi isayama of Mitsui Bussan Secure Directions, Inc..

        Attachments

          Activity

            People

            • Assignee:
              rgielen René Gielen
              Reporter:
              rgielen René Gielen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: