Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-7158

Several security holes in the extension script service API

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.3-milestone-2
    • 3.3-milestone-1
    • Extension
    • None
    • Unknown

    Description

      • WrappingExtension#getExtension get the wrapped extension anyway which make the wrapping useless from public API protection POV
      • WrappingExtension#getRepository return the real repository which allows to do pretty much anything on local repository for example

      Attachments

        Activity

          People

            tmortagne Thomas Mortagne
            tmortagne Thomas Mortagne
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: