[ 
https://issues.apache.org/jira/browse/MWRAPPER-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475566#comment-17475566
 ] 

ASF GitHub Bot commented on MWRAPPER-51:
----------------------------------------

jorsol opened a new pull request #13:
URL: https://github.com/apache/maven-wrapper/pull/13


   https://issues.apache.org/jira/projects/MWRAPPER/issues/MWRAPPER-51


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.


> Improve MavenWrapperDownloader.java using Java Path API (NIO.2)
> ---------------------------------------------------------------
>
>                 Key: MWRAPPER-51
>                 URL: https://issues.apache.org/jira/browse/MWRAPPER-51
>             Project: Maven Wrapper
>          Issue Type: Improvement
>          Components: Maven Wrapper Scripts
>    Affects Versions: 3.1.0
>            Reporter: Jorge Solórzano
>            Priority: Normal
>
> MavenWrapperDownloader.java could be improved by using the Java Path API 
> (NIO.2) available since Java 7 and also include some checks in paths.
> Also, Snyk reports a potential vulnerability of Unsanitized input from a 
> command-line argument flows into java.io.File* where it is used as a path. 
> This may result in a Path Traversal vulnerability and allow an attacker to 
> read/write arbitrary files.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
