Vulnerability Information
Vulnerability Title
Apache Ivy allows path traversal in the presence of a malicious repository
Vulnerability Description
When Apache Ivy downloads artifacts from a repository, it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifact coordinates such as the organisation, module or version. If these coordinates contain "../" sequences, which are valid characters for Ivy coordinates in general, the artifacts may be stored outside of Ivy's local cache or repository, or may overwrite different artifacts inside the local cache. To exploit this vulnerability an attacker needs the collaboration of the remote repository, because Ivy will issue HTTP requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.
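The pattern expansion described above, next to a hardened variant, as an added example that is not Ivy's code or its actual fix. The pattern value, the cache root, the function names and the sample coordinates are all constructed for illustration.

```python
import posixpath
import re

# Layout pattern with Ivy-style [token] placeholders (illustrative value).
PATTERN = "[organisation]/[module]/[revision]/[artifact]-[revision].[ext]"
CACHE_ROOT = "/srv/ivy-cache"  # constructed cache location
TOKEN = re.compile(r"\[(\w+)\]")


def expand(pattern, coords):
    """Substitute coordinates into the pattern verbatim."""
    return TOKEN.sub(lambda m: coords[m.group(1)], pattern)


def naive_destination(root, pattern, coords):
    """Unchecked behaviour: join and normalise, trusting the coordinates."""
    return posixpath.normpath(posixpath.join(root, expand(pattern, coords)))


def safe_destination(root, pattern, coords):
    """Reject '..' segments per coordinate, then verify containment."""
    for name, value in coords.items():
        if ".." in re.split(r"[\\/]", value):
            raise ValueError(f"'..' segment in coordinate {name!r}: {value!r}")
    dest = naive_destination(root, pattern, coords)
    # Lexical containment check; also catches absolute-path coordinates.
    if not dest.startswith(root.rstrip("/") + "/"):
        raise ValueError(f"{dest} is outside {root}")
    return dest


# Constructed sample coordinates.
BENIGN = {"organisation": "org.example", "module": "lib", "revision": "1.0",
          "artifact": "lib", "ext": "jar"}
ESCAPES_CACHE = dict(BENIGN, module="../../../tmp/evil")
OVERWRITES_OTHER = dict(BENIGN, module="../com.other/core")

if __name__ == "__main__":
    for coords in (BENIGN, ESCAPES_CACHE, OVERWRITES_OTHER):
        print("naive:", naive_destination(CACHE_ROOT, PATTERN, coords))
        try:
            print("safe: ", safe_destination(CACHE_ROOT, PATTERN, coords))
        except ValueError as err:
            print("safe:  rejected,", err)
```

The third sample stays inside the cache root, so a containment check alone would accept it; only the per-coordinate segment check catches the overwrite of another module's artifact. The check is lexical and does not account for symlinks under the cache directory.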
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
Apache Ivy path traversal vulnerability
Vulnerability Description
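Apache Ivy is a transitive package manager from the Apache Software Foundation (USA). Versions of Apache Ivy before 2.5.1 contain a path traversal vulnerability, which arises because artifacts may be stored outside of Ivy's local cache or repository, or may overwrite different artifacts inside the local cache.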
CVSS Information
N/A
Vulnerability Type
N/A