Apache Ivy is vulnerable to path traversal. The vulnerability exists due to a lack of file path pattern checks in the getCachedDataFile function of DefaultRepositoryCacheManager.java, allowing an attacker to overwrite files outside of the local cache by using ../ in artifact coordinates.
Name | Operator | Version |
---|---|---|
apache ivy | le | 2.5.0 |
apache-ivy | eq | 2.3.0__4.el7 |
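
The kind of check the description says is missing, as an added example in Java (not Apache Ivy's code and not its actual fix): a cache file path is built from artifact coordinates and rejected if it leaves the cache root. The class name, method names, path pattern, cache directory and sample coordinates are all hypothetical.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class CachePathCheck {

    // Hypothetical cache layout: <root>/<organisation>/<module>/<artifact>-<revision>.<ext>
    // Builds the path with no validation, so ".." segments in a coordinate are kept.
    static Path uncheckedPath(Path root, String org, String module,
                              String artifact, String rev, String ext) {
        return root.resolve(org + "/" + module + "/" + artifact + "-" + rev + "." + ext);
    }

    // Same layout, but the normalized result must still sit under the cache root.
    // Path.startsWith compares whole path elements, so "/cache-evil" does not match "/cache".
    // normalize() does not resolve symlinks; use toRealPath() on existing parents if
    // the cache directory can contain links.
    static Path checkedPath(Path root, String org, String module,
                            String artifact, String rev, String ext) throws IOException {
        Path base = root.toAbsolutePath().normalize();
        Path candidate = uncheckedPath(base, org, module, artifact, rev, ext).normalize();
        if (!candidate.startsWith(base)) {
            throw new IOException("artifact coordinates resolve outside the cache: " + candidate);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Paths.get("/tmp/ivy-cache-example"); // constructed cache location

        // Well-formed coordinates stay inside the cache.
        System.out.println("accepted: "
                + checkedPath(root, "org.example", "lib", "lib", "1.0", "jar"));

        // Constructed coordinates containing "../" as in the advisory text.
        String badModule = "../../outside";
        System.out.println("unchecked resolves to: "
                + uncheckedPath(root, "org.example", badModule, "lib", "1.0", "jar").normalize());
        try {
            checkedPath(root, "org.example", badModule, "lib", "1.0", "jar");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check runs on the final normalized path rather than on each coordinate, so it also rejects a coordinate that is itself an absolute path.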