[HADOOP-19079] HttpExceptionUtils to check that loaded class is really an exception before instantiation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.9, 3.5.0, 3.4.1
Component/s: common, security
Labels:
- pull-request-available

Description

It can be dangerous taking class names as inputs from HTTP messages even if we control the source. Issue is in HttpExceptionUtils in hadoop-common (validateResponse method).

I can provide a PR that will highlight the issue.

Attachments

Issue Links

links to

GitHub Pull Request #6557

Activity

People

Assignee:: PJ Fanning

Reporter:: PJ Fanning

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Feb/24 02:11

Updated:: 11/Apr/24 18:49

Resolved:: 11/Apr/24 18:47