Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Ivy allows creating/overwriting any file on the system
Vulnerability Description
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Ivy 路径遍历漏洞
Vulnerability Description
Apache Ivy是美国阿帕奇(Apache)基金会的一个可传递的软件包管理器。 Apache Ivy 2.5.1之前版本存在安全漏洞,该漏洞源于在提取归档文件时不会验证目标路径。
CVSS Information
N/A
Vulnerability Type
N/A