CVE-2016-0709: Path Traversal

April 11, 2016 (updated April 20, 2016)

Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. in a ZIP archive entry.

References

nvd.nist.gov/vuln/detail/CVE-2016-0709
portals.apache.org/jetspeed-2/security-reports.html

Code Behaviors & Features

Detect and mitigate CVE-2016-0709 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →