Lucene search
+L

15 matches found

wolfi
wolfi
added 2025/03/28 4:43 p.m.32 views

CVE-2022-37866 vulnerabilities

Vulnerabilities for packages: gradle-stage0...

7.5CVSS8AI score0.01596EPSS
Exploits0
cgr
cgr
added 2025/03/28 4:12 p.m.29 views

CVE-2022-37866 vulnerabilities

Vulnerabilities for packages: gradle-stage0...

7.5CVSS8AI score0.01596EPSS
Exploits0
nessus
nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-37866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied pattern that may include placeholders for...

7.5CVSS7.1AI score0.01596EPSS
Exploits0References2
nessus
nessus
added 2024/01/23 12:0 a.m.26 views

Amazon Linux AMI : apache-ivy (ALAS-2024-1910)

The version of apache-ivy installed on the remote host is prior to 2.2.0-5.3. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1910 advisory. When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied pattern...

7.5CVSS7.5AI score0.01596EPSS
Exploits0References4
amazon
amazon
added 2024/01/22 12:0 a.m.31 views

Important: apache-ivy

Issue Overview: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which ar...

7.5CVSS8.1AI score0.01596EPSS
Exploits0
ibm
ibm
added 2023/09/07 6:51 a.m.55 views

Security Bulletin: Multiple vulnerabilities in ivy-2.4.0.jar affect IBM Application Performance Management products

Summary There are multiple vulnerabilities in ivy-2.4.0.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37865 DESCRIPTION: Apache Ivy could allow a local authenticated attacker to...

9.1CVSS8.4AI score0.01819EPSS
Exploits0Affected Software1
mageia
mageia
added 2023/07/07 5:54 a.m.45 views

Updated apache-ivy packages fix security vulnerability

Improper path allowed when extracting archive.CVE-2022-37865 Possible path traversal in download path CVE-2022-37866...

9.1CVSS7AI score0.01819EPSS
Exploits0References3
openvas
openvas
added 2023/07/05 12:0 a.m.17 views

Fedora: Security Advisory for apache-ivy (FEDORA-2023-35f775fd6e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS8.5AI score0.01819EPSS
Exploits0References2
nessus
nessus
added 2023/07/04 12:0 a.m.18 views

Fedora 38 : apache-ivy (2023-35f775fd6e)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-35f775fd6e advisory. Changelog Sun Jun 25 2023 Didik Supriadi - 2.5.1-3 - Build with ivy instead of maven Tenable has extracted the preceding description block directly...

9.1CVSS8.1AI score0.01819EPSS
Exploits0References3
nessus
nessus
added 2023/05/03 12:0 a.m.30 views

Amazon Linux 2023 : apache-ivy, apache-ivy-javadoc (ALAS2023-2023-174)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-174 advisory. A flaw was found in Apache Ivy. With Apache Ivy 2.4.0, an optional packaging attribute was introduced that allows artifacts to be unpacked on the fly if pack200 or zip packaging was used. This...

9.1CVSS7.9AI score0.01819EPSS
Exploits0References6
ibm
ibm
added 2023/03/30 7:6 p.m.36 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to Path Traversal due to Apache Ivy (CVE-2022-37865, CVE-2022-37866)

Summary Apache Ivy is used by IBM UrbanCode Deploy as part of the Agents Apache Groovy scripting home. CVE-2022-37865, CVE-2022-37866 Vulnerability Details CVEID:CVE-2022-37866 DESCRIPTION: Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validati...

9.1CVSS8.1AI score0.01819EPSS
Exploits0Affected Software1
vulnersosv
vulnersosv
added 2022/11/07 7:0 p.m.9 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +4986 more potentially affected by CVE-2022-37866 via org.apache.ivy:ivy (>=2.0.0 <=2.5.0)

org.apache.ivy:ivy MAVEN version =2.0.0, =1.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.0.25, =0.0.25, =0.0.25, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 and more Source cves: CVE-2022-37866 Source advisory: OSV:GHSA-WV7W-RJ2X-556X...

7.5CVSS7.1AI score0.01596EPSS
Exploits0
cve
cve
added 2022/11/07 12:0 a.m.325 views

CVE-2022-37866

Apache Ivy CVE-2022-37866 describes a directory traversal vulnerability where artifact coordinates with ".." can cause downloaded artifacts to be written outside Ivy’s local cache or overwrite other files. Exploitation requires collaboration from the remote repository, as Ivy will issue HTTP requ...

7.5CVSS7.4AI score0.01596EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2022/11/07 12:0 a.m.5 views

CVE-2022-37866 Apache Ivy allows path traversal in the presence of a malicious repository

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

6.8AI score0.01596EPSS
Exploits0References2
osv
osv
added 2022/11/07 12:0 a.m.22 views

CVE-2022-37866 Apache Ivy allows path traversal in the presence of a malicious repository

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

7.5CVSS7.1AI score0.01596EPSS
Exploits0References4
Rows per page
Query Builder