.avif)
View all vulnerabilities
CVE-2016-5725
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Description
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
5.8
Score Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Versions
com.jcraft:jsch < 0.1.54
Severity
Medium
Medium
Medium
Ecosystem
Java
Publish Date
May 12, 2022
Modified Date
February 20, 2024