Lucene search
Veracode Vulnerability DatabaseVERACODE:37830HistoryNov 08, 2022 - 2:30 a.m.
Path Traversal
2022-11-0802:30:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
path traversal
apache ivy
vulnerability
defaultrepositorycachemanager
getfile function
artifact coordinates
0.002 Low
EPSS
Percentile
53.5%
apache ivy is vulnerable to path traversal. The vulnerability exists due to lack of file path pattern checks in the getCachedDataFile function of DefaultRepositoryCacheManager.java, allowing an attacker to overwrite files outside of the local cache by using ../ in artifact coordinates.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache ivy | le | 2.5.0 | |
| apache ivy | le | 2.5.0 | |
| apache-ivy | eq | 2.3.0__4.el7 |
Related
nessus
nessus
Amazon Linux AMI : apache-ivy (ALAS-2024-1910)
2024-01-23 00:00:00
Amazon Linux 2 : apache-ivy (ALAS-2023-2165)
2023-07-26 00:00:00
Fedora 38 : apache-ivy (2023-35f775fd6e)
2023-07-04 00:00:00
osv
osv
Apache Ivy vulnerable to path traversal
2022-11-07 19:00:20
CVE-2022-37866
2022-11-07 14:15:12
amazon
amazon
Important: apache-ivy
2023-07-20 17:29:00
Important: apache-ivy
2024-01-19 01:19:00
prion
prion
Design/Logic Flaw
2022-11-07 14:15:00
cvelist
cvelist
cve
cve
CVE-2022-37866
2022-11-07 14:15:12
redhatcve
redhatcve
CVE-2022-37866
2022-12-01 15:56:37
github
github
Apache Ivy vulnerable to path traversal
2022-11-07 19:00:20
nvd
nvd
CVE-2022-37866
2022-11-07 14:15:12
fedora
fedora
[SECURITY] Fedora 38 Update: apache-ivy-2.5.1-3.fc38
2023-07-04 01:34:09
mageia
mageia
Updated apache-ivy packages fix security vulnerability
2023-07-07 08:54:45
ibm
ibm
openvas
openvas
Fedora: Security Advisory for apache-ivy (FEDORA-2023-35f775fd6e)
2023-07-05 00:00:00
Mageia: Security Advisory (MGASA-2023-0216)
2023-07-10 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00