Uploaded image for project: 'Seam 2'
  1. Seam 2
  2. JBSEAM-2942

StyleResource serves any file from the classpath

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2.0.2.GA
    • Component/s: Core
    • Labels:
      None

      Description

      The StyleResource implementation does not check any patterns or filenames. It serves any file that can be found on the classpath, not only CSS. This is a major security hole:

      http://www.seamframework.org/seam/resource/style/META-INF/persistence.xml
      http://www.seamframework.org/seam/resource/style/org/jboss/seam/wiki/core/engine/WikiTextParser.class

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                pmuir Pete Muir
                Reporter:
                christian.bauer Christian Bauer
              • Votes:
                1 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: