[ https://issues.apache.org/jira/browse/IO-484?focusedWorklogId=706955&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-706955 ]
ASF GitHub Bot logged work on IO-484: ------------------------------------- Author: ASF GitHub Bot Created on: 11/Jan/22 15:45 Start Date: 11/Jan/22 15:45 Worklog Time Spent: 10m Work Description: garydgregory commented on pull request #310: URL: https://github.com/apache/commons-io/pull/310#issuecomment-1010091785 Hi @Marcono1234 Thank you for your patience. The new docs are not quite right because we are not checking for null _bytes_, but we are checking for `\u0000` which is bigger than a `byte`, it's a `char`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 706955) Time Spent: 0.5h (was: 20m) > FilenameUtils should handle embedded null bytes > ----------------------------------------------- > > Key: IO-484 > URL: https://issues.apache.org/jira/browse/IO-484 > Project: Commons IO > Issue Type: Bug > Components: Utilities > Affects Versions: 2.4 > Reporter: Kristian Rosenvold > Assignee: Kristian Rosenvold > Priority: Major > Fix For: 2.5 > > Time Spent: 0.5h > Remaining Estimate: 0h > > embedding nulls in filenames exposes injection vectors if the application > passes unsanitized data to some functions in FileNameUtils -- This message was sent by Atlassian Jira (v8.20.1#820001)