Описание
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Release Notes
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Release Notes
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одновременно
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Wind ...
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Уязвимость компонента ChannelSftp.OVERWRITE Java-реализации SSH2 jsch, позволяющая нарушителю оказать воздействие на целостность информации
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2