Lucene search
K

86 matches found

osv
osv
added 2022/11/07 12:0 a.m.29 views

CVE-2022-37865 Apache Ivy allows creating/overwriting any file on the system

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...

9.1CVSS7.1AI score0.01819EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/11/07 12:0 a.m.4 views

Apache Ivy 路径遍历漏洞

Apache Ivy is a deliverable package manager from the Apache Foundation USA. A path traversal vulnerability exists in Apache Ivy versions prior to 2.5.1, which stems from the fact that artifacts may be stored outside of Ivy's local cache or repository, or can overwrite different artifacts within t...

7.5CVSS7.3AI score0.01596EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2022/11/07 12:0 a.m.7 views

CVE-2022-37865 Apache Ivy allows creating/overwriting any file on the system

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. A...

9AI score0.01819EPSS
Exploits0References2
cve
cve
added 2022/11/07 12:0 a.m.188 views

CVE-2022-37865

CVE-2022-37865 affects Apache Ivy when using packaging types zip/jar/war with an unpacking on-the-fly feature introduced in Ivy 2.4.0. The vulnerability arises from Ivy’s archive extraction not validating target paths, allowing an archive containing absolute paths or paths using .. to write files...

9.1CVSS9AI score0.01819EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2022/11/07 12:0 a.m.5 views

CVE-2022-37866 Apache Ivy allows path traversal in the presence of a malicious repository

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

6.8AI score0.01596EPSS
Exploits0References2
openbugbounty
openbugbounty
added 2020/06/07 4:50 p.m.12 views

apache-ivy.996301.n3.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1188116 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.1AI score
Exploits0
Rows per page
Query Builder