CVE-2016-5725 (jsch)

Posted on 2017년 1월 20일2017년 1월 21일 by admin

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a .. (dot dot backslash) in a response to a recursive GET command.

Source: CVE-2016-5725 (jsch)

답글 남기기 응답 취소