2016
09.23

jsch 0.1.53 Path Traversal

A malicious sftp server may force a client-side relative path traversal in jsch’s implementation for recursive sftp-get allowing the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process. Versions 0.1.53 and below are affected.

No Comment.

Add Your Comment

You must be logged in to post a comment.