New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2016-5725 on jsch.agentproxy.core-0.0.9.jar #37

Open

patpatpat123 opened this issue Mar 29, 2022 · 0 comments

patpatpat123 commented Mar 29, 2022

Hello Team,

Thank you for this great project.
Just wanted to highlight a CVE found on different static analysis tools.

CVE-2016-5725

Description

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
For more information check out https://www.oracle.com/security-alerts/cpuoct2020.html
Files

Do you. ind please help fix this CVE please?

Thank you

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment