[jira] [Commented] (QPID-8600) [Broker-J] File path validation in management-http plugin
[ https://issues.apache.org/jira/browse/QPID-8600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608648#comment-17608648 ] ASF subversion and git services commented on QPID-8600: --- Commit 1f93cf1382839f7304d81c3848b4da6ef6c75020 in qpid-broker-j's branch refs/heads/main from Daniil Kirilyuk [ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=1f93cf1382 ] QPID-8600: [Broker-J] File path validation in management-http plugin (#140) * QPID-8600: [Broker-J] File path validation in management-http plugin * QPID-8600: [Broker-J] Restored new line to end of file Co-authored-by: vavrtom > [Broker-J] File path validation in management-http plugin > - > > Key: QPID-8600 > URL: https://issues.apache.org/jira/browse/QPID-8600 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.6 >Reporter: Daniil Kirilyuk >Priority: Minor > > HTTP management plugin initiates a network connection in classes FileServlet > to a third-party system using user-controlled data for resource URI. This > vulnerability may be leveraged to send a request on behalf of the web server > since the request will originate from the web server's internal IP address. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8600) [Broker-J] File path validation in management-http plugin
[ https://issues.apache.org/jira/browse/QPID-8600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17608647#comment-17608647 ] ASF GitHub Bot commented on QPID-8600: -- vavrtom merged PR #140: URL: https://github.com/apache/qpid-broker-j/pull/140 > [Broker-J] File path validation in management-http plugin > - > > Key: QPID-8600 > URL: https://issues.apache.org/jira/browse/QPID-8600 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.6 >Reporter: Daniil Kirilyuk >Priority: Minor > > HTTP management plugin initiates a network connection in classes FileServlet > to a third-party system using user-controlled data for resource URI. This > vulnerability may be leveraged to send a request on behalf of the web server > since the request will originate from the web server's internal IP address. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (QPID-8600) [Broker-J] File path validation in management-http plugin
[ https://issues.apache.org/jira/browse/QPID-8600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17602177#comment-17602177 ] ASF GitHub Bot commented on QPID-8600: -- dakirily opened a new pull request, #140: URL: https://github.com/apache/qpid-broker-j/pull/140 This PR addresses [QPID-8600](https://issues.apache.org/jira/browse/QPID-8600) improving file path validation in http-management-plugin > [Broker-J] File path validation in management-http plugin > - > > Key: QPID-8600 > URL: https://issues.apache.org/jira/browse/QPID-8600 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.6 >Reporter: Daniil Kirilyuk >Priority: Minor > > HTTP management plugin initiates a network connection in classes FileServlet > to a third-party system using user-controlled data for resource URI. This > vulnerability may be leveraged to send a request on behalf of the web server > since the request will originate from the web server's internal IP address. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org