VulnerableCode Package Details - pkg:maven/org.apache.sshd/sshd-sftp@2.9.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-r4e4-u4s6-63gc Aliases: CVE-2023-35887 GHSA-mjmq-gwgm-5qhm	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10	2.10.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-r4e4-u4s6-63gc
Aliases:
CVE-2023-35887
GHSA-mjmq-gwgm-5qhm

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

2.10.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-r4e4-u4s6-63gc	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10	CVE-2023-35887 GHSA-mjmq-gwgm-5qhm

Vulnerability

Summary

Aliases

VCID-r4e4-u4s6-63gc

CVE-2023-35887
GHSA-mjmq-gwgm-5qhm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:33:33.555855+00:00	GitLab Importer	Affected by	VCID-r4e4-u4s6-63gc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-sftp/CVE-2023-35887.yml	38.4.0
2026-04-11T23:52:31.670695+00:00	GitLab Importer	Affected by	VCID-r4e4-u4s6-63gc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-sftp/CVE-2023-35887.yml	38.3.0
2026-04-02T23:55:42.325238+00:00	GitLab Importer	Affected by	VCID-r4e4-u4s6-63gc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.sshd/sshd-sftp/CVE-2023-35887.yml	38.1.0
2026-04-02T16:59:52.684460+00:00	GHSA Importer	Fixing	VCID-r4e4-u4s6-63gc	https://github.com/advisories/GHSA-mjmq-gwgm-5qhm	38.1.0
2026-04-01T12:58:59.855457+00:00	GithubOSV Importer	Fixing	VCID-r4e4-u4s6-63gc	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-mjmq-gwgm-5qhm/GHSA-mjmq-gwgm-5qhm.json	38.0.0