spring-projects / spring-integration-extensions

The Spring Integration Extensions project provides extension components for Spring Integration
http://www.springintegration.org/

Disallow traversal entry even for byte[] #191

Closed garyrussell closed 6 years ago

garyrussell commented 6 years ago

The previous change prevents the transformer from writing a file outside of the working directory.

However, it still produced an entry for an errant file when producing just contents, and not writing to the file system. However, the errant path would be added to the message and might be used by subsequent components to write to the file system.

This situation is present in the UnZip2FileTests.

While this vulnerability is not directly exposed by the framework, user applications could be affected by it.
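
The check described in the comment above, as an added example that is not the project's own code: an in-memory unzip that rejects a traversal entry even though nothing is written to disk, so the errant path never reaches the message. The class, the method names `unzipToBytes` and `zipOf`, and the working directory are hypothetical; Java 9 or later is assumed for `readAllBytes`.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.zip.*;

public class ByteArrayUnzipCheck {

    // Hypothetical helper: unzip to an in-memory map, rejecting entries that
    // would resolve outside workDir even though nothing is written to disk.
    static SortedMap<String, byte[]> unzipToBytes(byte[] zip, File workDir) throws IOException {
        String base = workDir.getCanonicalPath() + File.separator;
        SortedMap<String, byte[]> result = new TreeMap<>();
        try (ZipInputStream in = new ZipInputStream(new ByteArrayInputStream(zip))) {
            for (ZipEntry e; (e = in.getNextEntry()) != null; ) {
                // Canonicalise the would-be target so "../" segments are resolved first.
                String resolved = new File(workDir, e.getName()).getCanonicalPath();
                if (!resolved.startsWith(base)) {
                    throw new IOException("Entry resolves outside the working directory: " + e.getName());
                }
                if (!e.isDirectory()) {
                    result.put(e.getName(), in.readAllBytes());
                }
            }
        }
        return result;
    }

    // Constructed sample input: an archive built in memory from the given entry names.
    static byte[] zipOf(String... names) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ZipOutputStream out = new ZipOutputStream(bytes)) {
            for (String name : names) {
                out.putNextEntry(new ZipEntry(name));
                out.write("data".getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        File workDir = new File(System.getProperty("java.io.tmpdir"), "unzip-work");
        System.out.println(unzipToBytes(zipOf("a.txt", "sub/b.txt"), workDir).keySet());
        try {
            unzipToBytes(zipOf("a.txt", "../outside.txt"), workDir);
        } catch (IOException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

Failing the whole archive, rather than skipping the bad entry, keeps a downstream component from ever seeing a partially trusted map of names.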