CVE-2022-37865

CWE-22 — Path Traversal7 documents6 sources

Severity

9.1CRITICAL

EPSS

0.4%

top 37.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache IVY Apache IVY

Timeline

PublishedNov 7

Latest updateJul 15

Description

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/ivy2.4.0 — 2.5.1

▶Mavenorg.apache.ivy:ivy2.4.0 — 2.5.1

▶CVEListV5apache_software_foundation/apache_ivy2.4.0 — unspecified+1

🔴Vulnerability Details

GHSA

Apache Ivy does not verify target path when extracting the archive↗2022-11-07

▶

CVEList

Apache Ivy allows creating/overwriting any file on the system↗2022-11-07

▶

OSV

Apache Ivy does not verify target path when extracting the archive↗2022-11-07

▶

📋Vendor Advisories

Oracle

Oracle Oracle MySQL Risk Matrix: Monitoring: General (Apache Ivy) — CVE-2022-37865↗2023-07-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Installation (Apache Ivy) — CVE-2022-37865↗2023-04-15

▶

Red Hat

apache-ivy: Directory Traversal↗2022-11-07

▶