CVE-2020-13924: Path Traversal

March 17, 2021 (updated March 23, 2021)

In Apache Ambari, malicious users can construct file names for directory traversal and traverse to other directories to download files.

References

mail-archives.apache.org/mod_mbox/ambari-user/202102.mbox/%3CCAEJYuxEQZ_aPwJdAaSxPu-Dva%3Dhc7zZUx3-pzBORbd23g%2BGH1A%40mail.gmail.com%3E
nvd.nist.gov/vuln/detail/CVE-2020-13924

Detect and mitigate CVE-2020-13924 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →