fixing jetty classloader vulnerability with potential reverse file traverse route when running servlet based apps in jetty
davydotcom committed Aug 22, 2018
1 parent ce948cd commit a29533c
Showing 3 changed files with 5 additions and 2 deletions.
Expand Up @@ -4,6 +4,7 @@ package asset.pipeline
import asset.pipeline.grails.AssetAttributes
import asset.pipeline.grails.AssetProcessorService
import asset.pipeline.grails.ProductionAssetCache
import asset.pipeline.AssetHelper
import groovy.transform.CompileStatic
import groovy.util.logging.Commons
import javax.servlet.FilterChain
Expand Down Expand Up @@ -63,7 +64,7 @@ class AssetPipelineFilter extends OncePerRequestFilter {
if(fileUri.startsWith('/')) {
manifestPath = fileUri.substring(1) //Omit forward slash
}

fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse traversal
fileUri = manifest?.getProperty(manifestPath, manifestPath)


Expand Down
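Review bot: The sanitized value assigned on the added line `fileUri = AssetHelper.normalizePath(fileUri)` is discarded on the very next line by `fileUri = manifest?.getProperty(manifestPath, manifestPath)`, and `manifestPath` was derived from the un-normalized `fileUri` three lines earlier (`manifestPath = fileUri.substring(1)`), so in this filter the traversal fix reaches neither the manifest lookup nor whatever resolves `fileUri` afterwards. Move the call above the `startsWith('/')` block, immediately before `String manifestPath = fileUri` (which sits outside this hunk), so both the manifest key and the resolved path come from the normalized value, and drop the added line here. The servlet-side AssetPipelineFilterCore in this same commit already uses that ordering, so the two filters would then agree. Since the contract of `AssetHelper.normalizePath` is not visible here, it is worth confirming it refuses or neutralizes a `..` that climbs above the asset root rather than only collapsing segments. The enclosing method starts and ends outside the hunk.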
Expand Up @@ -3,6 +3,7 @@ package asset.pipeline.servlet

import asset.pipeline.AssetPipelineResponseBuilder
import asset.pipeline.AssetPipelineConfigHolder
import asset.pipeline.AssetHelper
import java.util.logging.Logger
import javax.servlet.FilterChain
import javax.servlet.ServletContext
Expand Down Expand Up @@ -43,6 +44,7 @@ class AssetPipelineFilterCore {
if(fileUri.startsWith(baseAssetUrl)) {
fileUri = fileUri.substring(baseAssetUrl.length())
}
fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse
final Properties manifest = AssetPipelineConfigHolder.manifest
String manifestPath = fileUri
if(fileUri.startsWith('/')) {
Expand Down
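Review bot: The added line normalizes before `manifestPath` is derived, which is the right place, but its comment is cut off mid-sentence (`//JETTY Security bug, we MUST prevent reverse`) and says nothing about what `AssetHelper.normalizePath` guarantees, so a maintainer cannot tell whether a request such as `../WEB-INF/web.xml` is rejected or merely rewritten. Suggest replacing it with `// Collapse '.'/'..' segments before the manifest lookup and resource resolution so a crafted request path cannot resolve outside the asset root; see AssetHelper.normalizePath for the exact contract`. If the helper only collapses segments rather than refusing them, a defensive reject of any path that still contains `..` after normalization, with a 404 and a log line, would keep this guard independent of the helper's implementation, which I cannot see from this hunk, nor the response object needed for such a reject. Note also that normalization runs after `baseAssetUrl` is stripped on the preceding lines, so a `..` that escapes that prefix relies entirely on the helper. The enclosing method starts and ends outside the hunk.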
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -8,7 +8,7 @@ buildscript {
}

subprojects {
version = '3.0.3'
version = '3.0.4'
}

apply plugin: 'groovy'
Expand Down
