Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#514] Secure validation of path of zipFile #516

Merged
merged 1 commit into from
Mar 4, 2024
Merged

[#514] Secure validation of path of zipFile #516

merged 1 commit into from
Mar 4, 2024

Conversation

laurentschoelens
Copy link
Collaborator

Fixes #514

Validate path of zipFile before taking it

@laurentschoelens laurentschoelens added this to the 4.0.6 milestone Mar 4, 2024
@laurentschoelens laurentschoelens changed the title [#514] fix CVE on JarScanner [#514] Secure validation of path of zipFile Mar 4, 2024
mattrpav
mattrpav approved these changes Mar 4, 2024
View reviewed changes
Copy link
Collaborator

@mattrpav mattrpav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Note: File.pathSeparator is not in scope here, as jars do not use platform-dependent path.

@mattrpav mattrpav merged commit 4a3fc57 into highsource:master Mar 4, 2024
3 checks passed
@mattrpav mattrpav deleted the jt-514 branch March 4, 2024 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattrpav mattrpav mattrpav approved these changes

Assignees

@mattrpav mattrpav

Labels
bug
Projects
None yet
Milestone
4.0.6
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert related to ".." path scanning
2 participants
@laurentschoelens @mattrpav