FOLIO / FOLIO-3636

mod-workflow postHandleEventsWithFile Path Traversal vulnerability

Details

    • Other dev
    • Implementation coding issue

    Description

      https://github.com/folio-org/mod-workflow/blob/13289327f0b4c14364387fb50e00d5f6b3571306/service/src/main/java/org/folio/rest/workflow/controller/EventController.java#L93

      overwrites a file at a path location provided in the HTTP request.

      How is the .jar file protected from being overwritten (Remote Code Execution)?

      How are files from tenant a protected from getting overwritten by tenant b?

      Learn more about Relative Path Traversal at https://cwe.mitre.org/data/definitions/23.html
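
One way to confine a request-supplied path to a per-tenant directory, so that neither another tenant's files nor the application's .jar can be reached. This is an added example, not mod-workflow's code or its fix; the class name `TenantUploadPaths`, the storage root, the tenant-id pattern and the sample paths are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class TenantUploadPaths {
    private final Path root; // hypothetical storage root, one subdirectory per tenant

    public TenantUploadPaths(Path root) throws IOException {
        this.root = Files.createDirectories(root).toRealPath();
    }

    /** Maps a path taken from the HTTP request to a file inside the tenant's directory, or throws. */
    public Path resolve(String tenant, String requestPath) throws IOException {
        // Assumed tenant-id format; it must never contain separators or dots.
        if (!tenant.matches("[a-z0-9_]{1,64}")) {
            throw new SecurityException("invalid tenant id");
        }
        Path tenantDir = Files.createDirectories(root.resolve(tenant)).toRealPath();
        Path requested = Paths.get(requestPath);
        if (requested.isAbsolute()) {
            throw new SecurityException("absolute path");
        }
        // Collapse "." and ".." first, then compare whole path components.
        Path target = tenantDir.resolve(requested).normalize();
        if (!target.startsWith(tenantDir) || target.equals(tenantDir)) {
            throw new SecurityException("path escapes tenant directory");
        }
        // normalize() is purely lexical: resolve symlinks on the nearest existing ancestor too.
        Path existing = target.getParent();
        while (!Files.exists(existing)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(tenantDir)) {
            throw new SecurityException("symlink escapes tenant directory");
        }
        return target; // the writer should still open it with LinkOption.NOFOLLOW_LINKS
    }

    public static void main(String[] args) throws IOException {
        TenantUploadPaths paths = new TenantUploadPaths(Files.createTempDirectory("uploads"));
        // Constructed sample inputs: one legitimate, three that must be rejected.
        String[] samples = {"reports/in.csv", "../tenant_b/in.csv", "../../app.jar", "/etc/passwd"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + paths.resolve("tenant_a", s));
            } catch (SecurityException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Running the service under an account that has no write permission on its own .jar and installation directory limits the damage if a check like this is missing or bypassed.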

            People

              huff Jeremy Huff
              julianladisch Julian Ladisch