Apache Ivy is vulnerable to arbitrary file write. The vulnerability exists because the unpack function in ZipPacking.java does not properly verify the target path when extracting an artifact archive, allowing an attacker to write files to any location on the file system through absolute paths or paths that try to traverse upwards using ".." sequences.

CPE name | Operator | Version |
---|---|---|
apache ivy | le | 2.5.0 |
apache ivy | le | 2.5.0 |
apache-ivy | eq | 2.3.0__4.el7 |