Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
P4
-
Resolution: Duplicate
-
Affects Version/s: None
-
Fix Version/s: 9
-
Component/s: deploy
-
Environment:
Ubuntu 12.04 x64
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b08)
Java HotSpot(TM) Server VM (build 23.21-b01, mixed mode)
-
Subcomponent:
Description
If we'll write some crap into properties file, that needs to be escaped, i.e. double-quotes, we see that this line is not changed, so software that uses packager might be vulnerable because of this.
I attach some HelloWorld project to see this, to invoke it with htmlparamfiles type:
ant -f simple-build-big-cli.xml deploy-with-htmlparamfile
I attach some HelloWorld project to see this, to invoke it with htmlparamfiles type:
ant -f simple-build-big-cli.xml deploy-with-htmlparamfile