jsch-agent-proxy icon indicating copy to clipboard operation
jsch-agent-proxy copied to clipboard

Published 20 hours ago verified publisher icon ymnk

CVE-2016-5725 on jsch.agentproxy.core-0.0.9.jar

Open patpatpat123 opened this issue 2 years ago • 0 comments

Hello Team,

Thank you for this great project. Just wanted to highlight a CVE found on different static analysis tools.

CVE-2016-5725

Description

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
For more information check out https://www.oracle.com/security-alerts/cpuoct2020.html
Files

Do you. ind please help fix this CVE please?

Thank you

patpatpat123 avatar Mar 29 '22 00:03 patpatpat123