Apache Ivy

2025-06-12 02:05:39 +00:00 · 2022-11-07 14:14:33 +01:00 · 2022-11-07 14:14:33 +01:00 · bda4baaa64
commit bda4baaa64
parent 36eea6f6eb
1 changed files with 73 additions and 7 deletions
--- a/2022/37xxx/CVE-2022-37866.json
+++ b/2022/37xxx/CVE-2022-37866.json
@ -1,18 +1,84 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-37866",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Apache Ivy allows path traversal in the presence of a malicious repository"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Apache Ivy",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": ">=",
+                                            "version_value": "2.0.0"
+                                        },
+                                        {
+                                            "version_affected": "<=",
+                                            "version_value": "2.5.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Apache Software Foundation"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "This issue was discovered by Kostya Kortchinsky of the Databricks Security Team."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "When Apache Ivy downloads artifacts from a repository it stores them in\nthe local file system based on a user-supplied \"pattern\" that may\ninclude placeholders for artifacts coordinates like the organisation,\nmodule or version.\n\nIf said coordinates contain \"../\" sequences - which are valid characters\nfor Ivy coordinates in general - it is possible the artifacts are stored\noutside of Ivy's local cache or repository or can overwrite different\nartifacts inside of the local cache.\n\nIn order to exploit this vulnerability an attacker needs collaboration\nby the remote repository as Ivy will issue http requests containing \"..\"\nsequences and a \"normal\" repository will not interpret them as part of\nthe artifact coordinates.\n\nUsers of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": [
+        {
+            "other": "medium"
+        }
+    ],
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
    }
-}
+}