Search for packages
| purl | pkg:maven/org.apache.sshd/sshd-sftp@2.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-r4e4-u4s6-63gc
Aliases: CVE-2023-35887 GHSA-mjmq-gwgm-5qhm |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10 |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:33:33.518304+00:00 | GitLab Importer | Affected by | VCID-r4e4-u4s6-63gc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-sftp/CVE-2023-35887.yml | 38.4.0 |
| 2026-04-11T23:52:31.628462+00:00 | GitLab Importer | Affected by | VCID-r4e4-u4s6-63gc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-sftp/CVE-2023-35887.yml | 38.3.0 |
| 2026-04-02T23:55:42.276352+00:00 | GitLab Importer | Affected by | VCID-r4e4-u4s6-63gc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-sftp/CVE-2023-35887.yml | 38.1.0 |