CVE-2016-9177: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

October 4, 2018 (updated September 7, 2021)

Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

References

seclists.org/fulldisclosure/2016/Nov/13
www.securityfocus.com/bid/94218
access.redhat.com/errata/RHSA-2017:0868
github.com/advisories/GHSA-89gc-6cw6-4vch
github.com/perwendel/spark/issues/700
nvd.nist.gov/vuln/detail/CVE-2016-9177

Detect and mitigate CVE-2016-9177 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →