CVE-2016-5725
CVE-2016-5725 is a directory traversal flaw in JSch (JSch-JCraft) before 0.1.54 on Windows when using ChannelSftp.OVERWRITE. An attacker could cause a remote SFTP server to write arbitrary files via ..\ in a response to a recursive GET. Connected IBM advisories note related fixes/upgrades (e.g., ...