aws-java-sdk-s3 is vulnerable to path traversal. The vulnerability exists due to insufficient guard logic for the download directory in the leavesRoot function of TransferManager.java, allowing an attacker to use an S3 bucket to access files one level up in the file system. The validation is evaded by adding a UNIX double-dot (`..`) to the bucket key when the directory name prefix matches the destination directory.
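The guard-logic flaw described above is a string-prefix check that lacks a path separator. The following is an added illustration of that bug class and its fix, not the SDK's own code: `leavesRootWeak` accepts any canonical path that merely begins with the base directory's path, while `leavesRootHardened` requires the trailing separator; the destination directory and keys are assumed sample values, and nothing is written to disk.

```java
import java.io.File;
import java.io.IOException;

public class DownloadDirGuard {

    // Weak guard: plain startsWith() on canonical paths. A sibling directory
    // whose name starts with the base directory's name ("downloads-old" next
    // to "downloads") passes, because only the string prefix is compared.
    static boolean leavesRootWeak(File baseDir, String key) throws IOException {
        String base = baseDir.getCanonicalPath();
        String target = new File(baseDir, key).getCanonicalPath();
        return !target.startsWith(base);
    }

    // Hardened guard: compare against the base path plus a trailing separator,
    // so only genuine descendants of the download directory are accepted.
    static boolean leavesRootHardened(File baseDir, String key) throws IOException {
        String base = baseDir.getCanonicalPath() + File.separator;
        String target = new File(baseDir, key).getCanonicalPath();
        return !target.startsWith(base);
    }

    public static void main(String[] args) throws IOException {
        // Assumed destination directory; only path resolution happens here.
        File dest = new File(System.getProperty("java.io.tmpdir"), "downloads");
        String[] keys = {
            "reports/q1.csv",          // ordinary key: both guards accept it
            "../downloads-old/q1.csv", // prefix-matching sibling: weak guard accepts, hardened rejects
            "../other/q1.csv",         // plain traversal: both guards reject it
        };
        for (String key : keys) {
            System.out.printf("%-26s weak=%-5s hardened=%s%n", key,
                leavesRootWeak(dest, key) ? "LEAVE" : "ok",
                leavesRootHardened(dest, key) ? "LEAVE" : "ok");
        }
    }
}
```

When reviewing similar download or extraction code, look for a canonical-path comparison that omits the separator; the same defect appears in archive extraction and upload handlers.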