Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
3.0.0-alpha-1, 2.2.0, 2.3.0, 2.1.5
-
None
Description
ProfileOutputServlet sanitizes the input URL but fails when the query string contains dot or hyphen. These are valid characters for the hostname.
Example URL part:
/prof-output/async-prof-pid-122466-cpu-1.svg?host=myhost-1.example.com&port=16010
In this case the user gets the following error message:
HTTP ERROR: 500 Problem accessing /prof-output/async-prof-pid-122466-cpu-1.svg. Reason: java.lang.RuntimeException: Non-alphanumeric data found in input, aborting. Powered by Jetty:// 9.3.27.v20190418
Attachments
Issue Links
- links to