jsupload.cgi.pl security issues

jijo-paulose / gwtupload

Automatically exported from code.google.com/p/gwtupload

Other

0 stars 0 forks source link

jsupload.cgi.pl security issues #166

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

In the function writeItemContent, a directory traversal vulnerability allows an 
attacker to read any file from the system.

Original issue reported on code.google.com by manuel.carrasco.m on 30 Nov 2012 at 9:21

GoogleCodeExporter commented 9 years ago

Fixed with revision f42592345e819a98c4b10a8a08fe408b601b5db6

A new version of the library (0.6.5) have been published with the fix and it is 
available in maven public repositories 
http://repo1.maven.org/maven2/com/googlecode/gwtupload/jsupload/0.6.5/

Original comment by manuel.carrasco.m on 30 Nov 2012 at 9:25

GoogleCodeExporter commented 9 years ago

Original comment by manuel.carrasco.m on 30 Nov 2012 at 9:25

Changed state: Fixed

GoogleCodeExporter commented 9 years ago

The issue is fully explained at http://www.pwnani.com/

Original comment by manuel.carrasco.m on 30 Nov 2012 at 9:38