[ https://issues.apache.org/jira/browse/ARIES-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christian Schneider resolved ARIES-1934. ---------------------------------------- Fix Version/s: spifly-1.2.4 Resolution: Fixed > Make sure jar/zip files are jailed to the destination directory > --------------------------------------------------------------- > > Key: ARIES-1934 > URL: https://issues.apache.org/jira/browse/ARIES-1934 > Project: Aries > Issue Type: Improvement > Reporter: Colm O hEigeartaigh > Assignee: Christian Schneider > Priority: Major > Fix For: spifly-1.2.4 > > Time Spent: 20m > Remaining Estimate: 0h > > There are a number of locations in Aries where we unzip a jar or zip file to > the filesystem, without checking that the all of the files are jailed to the > intended destination directory. This is a potential security issue as it > allows an attacked to overwrite files on the system outside of the intended > directory. -- This message was sent by Atlassian Jira (v8.3.4#803005)