[ https://issues.apache.org/jira/browse/QPID-8600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17602177#comment-17602177 ]
ASF GitHub Bot commented on QPID-8600: -------------------------------------- dakirily opened a new pull request, #140: URL: https://github.com/apache/qpid-broker-j/pull/140 This PR addresses [QPID-8600](https://issues.apache.org/jira/browse/QPID-8600) improving file path validation in http-management-plugin > [Broker-J] File path validation in management-http plugin > --------------------------------------------------------- > > Key: QPID-8600 > URL: https://issues.apache.org/jira/browse/QPID-8600 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Affects Versions: qpid-java-broker-8.0.6 > Reporter: Daniil Kirilyuk > Priority: Minor > > HTTP management plugin initiates a network connection in classes FileServlet > to a third-party system using user-controlled data for resource URI. This > vulnerability may be leveraged to send a request on behalf of the web server > since the request will originate from the web server's internal IP address. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org