exploitDog

bind: "CVE-2022-37866"

Count: 5

redhat
CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 2 years ago

nvd
CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 2 years ago

github
GHSA-wv7w-rj2x-556x

Apache Ivy vulnerable to path traversal

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 2 years ago

fstec
BDU:2024-02253

Vulnerability in the Apache Ivy package manager, related to improper limitation of a pathname to a restricted directory, allowing an attacker to gain unauthorized access to the file system

CVSS3: 7.5
EPSS: 1% (Low)
Published: more than 1 year ago

redos
ROS-20241203-20

Multiple vulnerabilities in apache-ivy

CVSS3: 9.1
EPSS: Low
Published: 7 months ago
