PT-2022-7284 · Apache +1 · Apache Ivy +1

Name of the Vulnerable Software and Affected Versions: Apache Ivy versions 2.4.0 through 2.5.0 Description: The issue is related to the extraction of archives in Apache Ivy, where the target path is not verified for artifacts using "zip", "jar", or "war" packaging. This allows an archive with...