Upgrade TestNG 7.6.1 based on security issue - CVE-2022-4065 #301

Closed
khmarbaise opened this issue Dec 3, 2022 · 0 comments
Labels
bug Something isn't working dependency-upgrade Upgrade of a dependency

Comments

@khmarbaise
Owner

Describe the bug
TestNG is vulnerable to Path Traversal

To Reproduce
A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. A patch is available in commit 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The patch was pushed into the master branch but no releases have yet been made with the patch included.

References

@khmarbaise khmarbaise added bug Something isn't working dependency-upgrade Upgrade of a dependency labels Dec 3, 2022
@khmarbaise khmarbaise added this to the 0.12.0 milestone Dec 3, 2022
@khmarbaise khmarbaise self-assigned this Dec 3, 2022
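
An added example, not part of the issue and not TestNG's own code: a containment check applied to archive entry names before they are turned into filesystem paths. It assumes the path traversal concerns jar entry names, which the issue text does not spell out; the class name, target directory and entry names are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class JarEntryPathCheck {

    // Resolve an archive entry name under targetDir and reject any name
    // whose normalized path ends up outside that directory.
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        // normalize() collapses "." and ".." segments before the comparison
        Path resolved = base.resolve(entryName).normalize();
        // Path.startsWith compares whole path elements, so a sibling such as
        // "extracted-evil" does not pass as a prefix match of "extracted"
        if (!resolved.startsWith(base)) {
            throw new IOException("entry escapes target directory: " + entryName);
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Hypothetical extraction directory (assumption, not from the issue)
        Path target = Paths.get("build", "tmp", "extracted");

        // Constructed entry names: two that stay inside, three that do not
        String[] names = {
            "testng.xml",
            "suites/../testng.xml",
            "../../outside.xml",
            "../extracted-evil/testng.xml",
            "/tmp/outside.xml"
        };

        for (String name : names) {
            try {
                Path p = resolveInside(target, name);
                System.out.println("ACCEPT " + name + " -> " + p);
            } catch (IOException e) {
                System.out.println("REJECT " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check has to run on the normalized, absolute form of both paths; comparing raw strings would let the sibling-directory and `..` cases through.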