[webanno/webanno] 6911b1: vuln-fix: Temporary Directory Hijacking or Informa...


Richard Eckart de Castilho

Oct 25, 2022, 4:29:13 PM
to webanno...@googlegroups.com
Branch: refs/heads/master
Home: https://github.com/webanno/webanno
Commit: 6911b1b80d9e7a2d28f82e5eca7d4982b0e4e34c
https://github.com/webanno/webanno/commit/6911b1b80d9e7a2d28f82e5eca7d4982b0e4e34c
Author: Jonathan Leitschuh <Jonathan....@gmail.com>
Date: 2022-10-04 (Tue, 04 Oct 2022)

Changed paths:
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/ImportExportServiceImpl.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportCuratedDocumentsTask.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportServiceImpl.java

Log Message:
-----------
vuln-fix: Temporary Directory Hijacking or Information Disclosure



This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <Jonathan....@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan....@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10


Co-authored-by: Moderne <te...@moderne.io>


Commit: e029a76d68341702747078d9bc412ceeb32de7b6
https://github.com/webanno/webanno/commit/e029a76d68341702747078d9bc412ceeb32de7b6
Author: Richard Eckart de Castilho <richard...@gmail.com>
Date: 2022-10-25 (Tue, 25 Oct 2022)

Changed paths:
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/ImportExportServiceImpl.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportCuratedDocumentsTask.java
M webanno-api-dao/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/dao/export/ProjectExportServiceImpl.java

Log Message:
-----------
Merge pull request #1967 from BulkSecurityGeneratorProjectV2/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability


Compare: https://github.com/webanno/webanno/compare/3ee64d01e1d9...e029a76d6834