Query
Link to pull request with your CodeQL query:
Relevant PR: github/codeql#6240
CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
Report
Constructing a server-side redirect path with user input could allow an attacker to download application binaries
(including application classes or jar files) or view arbitrary files within protected directories.
FYI I just wrote a blog post about the query and timing attacks.
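As an added illustration (not code from the PR, the report, or the projects listed below): a servlet forward whose target is taken straight from a request parameter, next to a hardened version that only forwards to an allow-listed view. The servlet name, the `view` parameter and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet used to contrast the unsafe and the hardened forward.
public class ViewForwardServlet extends HttpServlet {

    // The only logical view names that may be forwarded to; each maps to the
    // server-side resource it resolves to (constructed sample values).
    private static final Map<String, String> VIEWS = Map.of(
        "home", "/WEB-INF/views/home.jsp",
        "profile", "/WEB-INF/views/profile.jsp");

    // Vulnerable pattern: the forward target is the raw parameter value.
    // Because the forward happens server-side, a value that points into
    // /WEB-INF (class files, jars, web.xml) is served even though the
    // container never exposes that directory to direct client requests.
    protected void forwardUnsafe(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String target = req.getParameter("view");
        req.getRequestDispatcher(target).forward(req, resp);
    }

    // Hardened: the parameter is only a key into the allow-list; anything else
    // is answered with 404. Resolving the resource ourselves removes the data
    // flow from the request parameter to the dispatcher path.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String resource = resolveView(req.getParameter("view"));
        if (resource == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        req.getRequestDispatcher(resource).forward(req, resp);
    }

    // Returns the allow-listed resource for a view name, or null when the
    // name is absent or unknown.
    static String resolveView(String name) {
        if (name == null) {
            return null;
        }
        return VIEWS.get(name);
    }
}
```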
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.
eclipse/jetty.project : test data
caelum/vraptor4 : lgtm result