lemminx icon indicating copy to clipboard operation
lemminx copied to clipboard

Published 20 hours ago verified publisher icon eclipse

possible cache escape

Open jukzi opened this issue 1 year ago • 9 comments

https://github.com/eclipse/lemminx/blame/2b0fe29f52c111be3d5c1dccdf9d08340c63be31/org.eclipse.lemminx/src/main/java/org/eclipse/lemminx/uriresolver/CacheResourcesManager.java#L316 checking for ".." only does not prevent against more (tripple) dots on for example win95 https://cwe.mitre.org/data/definitions/32.html

jukzi avatar Jul 31 '23 16:07 jukzi