|
while ((zipEntry = zip.getNextEntry()) != null) { |
|
String entryName = zipEntry.getName(); |
|
if (entryName.startsWith(directory + "/")) { |
|
paths.add(Paths.get("/" + entryName)); |
Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.
parsec/parsec-gradle-plugin/src/main/java/com/yahoo/parsec/gradle/utils/FileUtils.java
Lines 180 to 183 in 564f47f
Allowing user input to control paths used in file system operations could enable an attacker to access or modify otherwise protected system resources.