CGA-fvm3-r4cw-39rf

Published

Last updated

https://images.chainguard.dev/security/CGA-fvm3-r4cw-39rf

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2016-5725
GHSA-q446-82vq-w674

Severity

Unknown

Summary

Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch

Description

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

References

https://nvd.nist.gov/vuln/detail/CVE-2016-5725
https://github.com/advisories/GHSA-q446-82vq-w674
https://access.redhat.com/errata/RHSA-2017:3115
https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725
https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html
https://www.exploit-db.com/exploits/40411
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html
http://seclists.org/fulldisclosure/2016/Sep/53
http://www.jcraft.com/jsch/ChangeLog

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-fvm3-r4cw-39rf

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources