CVE-2016-5725

Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
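A caller-side check for the condition described above, as an added example that is not JSch or Seal Security code: it validates each entry name a server returns before a local path is built from it. The class name `SftpNameGuard`, the method `resolveInside`, the `downloads` directory and the sample names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SftpNameGuard {

    // Characters that can change the target directory or volume on Windows or POSIX.
    private static final String FORBIDDEN = "/\\:\0";

    /**
     * Maps one server-supplied entry name to a path inside localDir,
     * or throws if the name could point anywhere else.
     */
    static Path resolveInside(Path localDir, String remoteName) throws IOException {
        if (remoteName == null || remoteName.isEmpty()
                || remoteName.equals(".") || remoteName.equals("..")) {
            throw new IOException("rejected entry name: " + remoteName);
        }
        for (char c : remoteName.toCharArray()) {
            if (FORBIDDEN.indexOf(c) >= 0) {
                throw new IOException("rejected entry name: " + remoteName);
            }
        }
        try {
            Path base = localDir.toAbsolutePath().normalize();
            Path target = base.resolve(remoteName).normalize();
            // Second, independent check: the result must be strictly below base.
            if (!target.startsWith(base) || target.equals(base)) {
                throw new IOException("entry escapes download directory: " + remoteName);
            }
            return target;
        } catch (InvalidPathException e) {
            // The local file system cannot represent this name at all.
            throw new IOException("rejected entry name: " + remoteName, e);
        }
    }

    public static void main(String[] args) {
        Path localDir = Paths.get("downloads");
        // Constructed sample names, as a server could return them in a listing.
        String[] names = { "report.txt", "..\\..\\evil.bat", "../evil.sh", "C:\\evil.bat", ".." };
        for (String name : names) {
            try {
                System.out.println("accept  " + name + " -> " + resolveInside(localDir, name));
            } catch (IOException e) {
                System.out.println("reject  " + e.getMessage());
            }
        }
    }
}
```

The backslash is rejected on every platform because a POSIX server treats `..\` as part of an ordinary file name while a Windows client treats it as a path separator, which is the mismatch this CVE describes.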

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 5.8
Score Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Versions: com.jcraft:jsch < 0.1.54
Severity: Medium
Ecosystem:
Publish Date: May 12, 2022
Modified Date: February 20, 2024