Issue Details (XML | Word | Printable)

Key: JERSEY-1055
Type: Task Task
Status: Resolved Resolved
Resolution: Fixed
Priority: Minor Minor
Assignee: Michal Gajdos
Reporter: h3xstream
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
jersey

Fix vulnerable sample of code in documentation

Created: 30/Mar/12 12:24 AM   Updated: 03/Apr/12 09:56 AM   Resolved: 03/Apr/12 09:56 AM
Component/s: docs
Affects Version/s: 1.12
Fix Version/s: 1.13

Time Tracking:
Not Specified

Tags: documentation security
Participants: h3xstream and Michal Gajdos


 Description  « Hide

http://jersey.java.net/nonav/documentation/latest/jax-rs.html#d4e324

The previous sample of code provided in the documentation should sanitize the parameter image before being pass to the File constructor.

... or the section could be rename "Filesystem backdoor"



There are no comments yet on this issue.