
fixing jetty classloader vulnerability with potential reverse file tr…

…averse route when running servlet based apps in jetty
davydotcom committed Aug 22, 2018
1 parent ce948cd commit a29533c52e4b60e244082433e116d2a038d01017
@@ -4,6 +4,7 @@ package asset.pipeline
import asset.pipeline.grails.AssetAttributes
import asset.pipeline.grails.AssetProcessorService
import asset.pipeline.grails.ProductionAssetCache
import asset.pipeline.AssetHelper
import groovy.transform.CompileStatic
import groovy.util.logging.Commons
import javax.servlet.FilterChain
@@ -63,7 +64,7 @@ class AssetPipelineFilter extends OncePerRequestFilter {
if(fileUri.startsWith('/')) {
manifestPath = fileUri.substring(1) //Omit forward slash
}
fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse traversal
fileUri = manifest?.getProperty(manifestPath, manifestPath)
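Review bot: The new `fileUri = AssetHelper.normalizePath(fileUri)` line runs after `manifestPath` has already been derived from the raw `fileUri` on `manifestPath = fileUri.substring(1)`, and the very next line `fileUri = manifest?.getProperty(manifestPath, manifestPath)` overwrites the normalized value with the un-normalized `manifestPath` whenever the manifest has no entry for it, so the guard is lost on exactly the lookup-miss path. Move the call ahead of the `startsWith('/')` block, as AssetPipelineFilterCore in this same commit already does (normalize first, then copy into `manifestPath`): put `fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse traversal` before `if(fileUri.startsWith('/')) {`. Whether normalizePath rejects parent-directory segments or only collapses them is not visible on this page; if it only collapses, an explicit check that the result still resolves inside the asset root is warranted as well. The enclosing method starts before and continues past this hunk, and two of the hunk's seven lines are not shown on this page.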
@@ -3,6 +3,7 @@ package asset.pipeline.servlet
import asset.pipeline.AssetPipelineResponseBuilder
import asset.pipeline.AssetPipelineConfigHolder
import asset.pipeline.AssetHelper
import java.util.logging.Logger
import javax.servlet.FilterChain
import javax.servlet.ServletContext
@@ -43,6 +44,7 @@ class AssetPipelineFilterCore {
if(fileUri.startsWith(baseAssetUrl)) {
fileUri = fileUri.substring(baseAssetUrl.length())
}
fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse
final Properties manifest = AssetPipelineConfigHolder.manifest
String manifestPath = fileUri
if(fileUri.startsWith('/')) {
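Review bot: The comment on `fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse` is cut off mid-phrase; the matching line in AssetPipelineFilter in this commit reads `//JETTY Security bug, we MUST prevent reverse traversal`, and the two should agree. The ordering here is the right one — `fileUri` is normalized before `String manifestPath = fileUri` copies it, so both the manifest lookup and its fallback see the normalized path. What normalizePath does with parent-directory segments is not visible on this page, so a unit test asserting that a request path carrying such segments cannot resolve outside the asset root would pin the fix, and it is worth confirming whether `fileUri` is still percent-encoded at this point, since a normalizer only recognises segments in their decoded form. The enclosing method starts before this hunk and its trailing `if` block continues past it.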
@@ -8,7 +8,7 @@ buildscript {
}
subprojects {
version = '3.0.3'
version = '3.0.4'
}
apply plugin: 'groovy'
