Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-5371

Use action based callback to transfer information about uploaded files

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.4.0
    • Core Interceptors
    • None

    Description

      Based on experience of the latest security vulnerability (CVE-2023-50164) it would be better to keep uploaded files out of scope of passed parameters.

      The idea is to have a dedicated interceptor and *Aware interface instead of using parameter injection as it happens currently.

      Attachments

        Activity

          People

            lukaszlenart Lukasz Lenart
            lukaszlenart Lukasz Lenart
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 2h
                2h