Bug 958221 - plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
Summary: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: plexus-utils
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Mikolaj Izdebski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1009414 958220
TreeView+ depends on / blocked
 
Reported: 2013-04-30 15:32 UTC by Florian Weimer
Modified: 2016-05-09 04:28 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1009414 (view as bug list)
Environment:
Last Closed: 2015-05-14 10:31:33 UTC


Attachments (Terms of Use)

Description Florian Weimer 2013-04-30 15:32:49 UTC
org.codehaus.plexus.util.Expand does not guard against directory traversal, but such protection is generally expected from unarchiving tools.

I think the class should just be deprecated and removed because there do not appear to be any users left (not even a test case).

Comment 1 Fedora End Of Life 2013-09-16 13:43:25 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 2 Mikolaj Izdebski 2015-05-14 10:31:33 UTC
This is feature request and as such it has been forwarded upstream: http://jira.codehaus.org/browse/PLXUTILS-178

Comment 4 Mikolaj Izdebski 2016-05-09 04:28:44 UTC
Fixed in upstream version 3.0.24


Note You need to log in before you can comment on or make changes to this bug.