Lucene search

CVE-2022-37865 Apache Ivy allows creating/overwriting any file on the system

🗓️ 07 Nov 2022 00:00:00Reported by apacheType

Apache Ivy 2.4.0-2.5.0 allows creating/overwriting files on the system through packaging attribute vulnerabilit

Reporter	Title	Published	Views	Family All 28
OSV	Apache Ivy does not verify target path when extracting the archive	7 Nov 202212:00	–	osv
OSV	CVE-2022-37865	7 Nov 202211:15	–	osv
OSV	OPENSUSE-SU-2024:12506-1 apache-ivy-2.5.1-1.1 on GA media	15 Jun 202400:00	–	osv
Github Security Blog	Apache Ivy does not verify target path when extracting the archive	7 Nov 202212:00	–	github
Veracode	Arbitrary File Write	8 Nov 202203:35	–	veracode
CVE	CVE-2022-37865	7 Nov 202211:15	–	cve
Prion	Code injection	7 Nov 202211:15	–	prion
NVD	CVE-2022-37865	7 Nov 202211:15	–	nvd
RedhatCVE	CVE-2022-37865	27 Mar 202320:43	–	redhatcve
Tenable Nessus	RHEL 7 : apache-ivy (Unpatched Vulnerability)	11 May 202400:00	–	nessus

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Ivy",
    "versions": [
      {
        "version": "2.4.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.5.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Nov 2022 00:00Current

9.2High risk

Vulners AI Score9.2

EPSS0.00124