CVE-2020-9479— unzip directory traversal
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-9479
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
unzip directory traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache AsterixDB 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache AsterixDB是 Apache开源的一个数据库管理软件。提供一个可扩展的开源大数据管理系统 Apache AsterixDB 存在安全漏洞,该漏洞源于在加载UDF时,一个特别制作的zip文件可以将文件放置在UDF部署目录之外。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache AsterixDB | Apache AsterixDB git | - |
II. Public POCs for CVE-2020-9479
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-9479
请登录查看更多情报信息。
- https://www.openwall.com/lists/oss-security/2020/08/08/2x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-9479
Same Patch Batch · Apache Software Foundation · 2021-03-01 · 3 CVEs total
| CVE-2021-25122 | Apache Tomcat h2c request mix-up | |
| CVE-2021-25329 | Incomplete fix for CVE-2020-9484 |
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
V. Comments for CVE-2020-9479
No comments yet