CVE-2020-9479

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-9479
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9479.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-9479
Published
2021-03-01T16:15:12.917Z
Modified
2025-11-14T11:10:50.898692Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
[none]
Details

When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB.

References

Affected packages

Git / github.com/apache/asterixdb

Affected ranges

Type
GIT
Repo
https://github.com/apache/asterixdb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

apache-asterixdb-0.*

apache-asterixdb-0.3.1
apache-asterixdb-0.8.8-incubating
apache-asterixdb-0.8.8-incubating-rc1
apache-asterixdb-0.9.0
apache-asterixdb-0.9.0-rc1
apache-asterixdb-0.9.0-rc2
apache-asterixdb-0.9.1
apache-asterixdb-0.9.2
apache-asterixdb-0.9.3
apache-asterixdb-0.9.4

apache-asterixdb-hyracks-0.*

apache-asterixdb-hyracks-0.2.17-incubating
apache-asterixdb-hyracks-0.2.17-incubating-rc0
apache-asterixdb-hyracks-0.2.17-incubating-rc1

apache-hyracks-0.*

apache-hyracks-0.3.0
apache-hyracks-0.3.0-rc1
apache-hyracks-0.3.0-rc2
apache-hyracks-0.3.1
apache-hyracks-0.3.2
apache-hyracks-0.3.3
apache-hyracks-0.3.4

asterix-0.*

asterix-0.0.5
asterix-0.8.0
asterix-0.8.1
asterix-0.8.2
asterix-0.8.3
asterix-0.8.4
asterix-0.8.5
asterix-0.8.6
asterix-0.8.7-incubating
asterix-0.8.8-incubating-rc0

fullstack-0.*

fullstack-0.2.10
fullstack-0.2.11
fullstack-0.2.12
fullstack-0.2.13
fullstack-0.2.14
fullstack-0.2.15
fullstack-0.2.16-incubating
fullstack-0.2.5
fullstack-0.2.6
fullstack-0.2.7
fullstack-0.2.8
fullstack-0.2.9

Other

vault/aggregators_dev_next
vault/asterix-fix-issue-108
vault/asterix-fix-issue-109
vault/asterix-fix-issue-113
vault/asterix-fix-issue-9
vault/asterix_fix_agg
vault/asterix_fix_issue_154
vault/asterix_fix_issue_207
vault/asterix_fix_issue_224
vault/asterix_fix_issue_233
vault/asterix_fix_issue_96
vault/asterix_function_merge
vault/asterix_fuzzy_perf
vault/asterix_inline_vars
vault/asterix_lsm_length_filter
vault/asterix_lsm_stabilization@1654
vault/asterix_lsm_stabilization_315
vault/asterix_lsm_stabilization_324
vault/asterix_lsm_stabilization_function
vault/asterix_lsm_stabilization_htc
vault/asterix_lsm_stabilization_installer
vault/asterix_lsm_stabilization_interval
vault/asterix_lsm_stabilization_interval_leftover
vault/asterix_lsm_stabilization_javaparams
vault/asterix_lsm_stabilization_kisskys
vault/asterix_lsm_stabilization_udfs
vault/asterix_opentype
vault/asterix_spring_cleaning
vault/asterix_stabilization@58
vault/asterix_stabilization_algebricks_cleanup
vault/asterix_stabilization_btree_fixes
vault/asterix_stabilization_func_type_check
vault/asterix_stabilization_installer
vault/asterix_stabilization_ioc
vault/asterix_stabilization_ioc_installer
vault/asterix_stabilization_issue_173
vault/asterix_stabilization_issue_251
vault/asterix_stabilization_issue_252_253
vault/asterix_stabilization_issue_257
vault/asterix_stabilization_issue_279
vault/asterix_stabilization_printerfix
vault/asterix_stabilization_printerfix_staging
vault/asterix_stabilization_spatial_accessors
vault/asterix_stabilization_temp_missing_tests
vault/asterix_stabilization_temporal_fixes
vault/asterix_stabilization_temporal_functionality
vault/asterix_tokenizer_opt
vault/asterix_unnest_to_join_enhance
vault/fullstack_asterix_stabilization
vault/fullstack_genomix@2593
vault/fullstack_hyracks_ioc
vault/fullstack_imru@2585
vault/fullstack_lsm_staging
vault/fullstack_lsm_staging@3347
vault/fullstack_lsm_staging_issue_305
vault/fullstack_lsm_staging_issue_97
vault/fullstack_pregelix_fix
vault/fullstack_staging
vault/fullstack_staging@1956
vault/fullstack_staging@2391
vault/fullstack_staging_bigmerge_target
vault/hyracks-next
vault/hyracks_admin_console@327
vault/hyracks_algebricks_integration
vault/hyracks_aqua_changes
vault/hyracks_aqua_changes@403
vault/hyracks_btree_updates_next
vault/hyracks_create_documentation
vault/hyracks_create_documentation@280
vault/hyracks_dev_next@501
vault/hyracks_dev_next@539
vault/hyracks_hadoop_compat_changes
vault/hyracks_hadoop_compat_changes@458
vault/hyracks_indexes
vault/hyracks_inverted_index_updates_new
vault/hyracks_io_management@287
vault/hyracks_isolation
vault/hyracks_lsm_experiments
vault/hyracks_lsm_length_filter
vault/hyracks_lsm_tree
vault/hyracks_lsm_tree_bloom_filter
vault/hyracks_multicomparator_opt
vault/hyracks_online_aggregation@185
vault/hyracks_scheduling@296
vault/hyracks_scheduling@328
vault/hyracks_sort_join_opts
vault/hyracks_spilling_groupby
vault/hyracks_spilling_groupby@299
vault/hyracks_spilling_groupby_perf@326
vault/hyracks_storage_cleanup
vault/hyracks_storage_cleanup@236
vault/hyrax-next
vault/hyrax-next@10

vault/hyracks_v0.*

vault/hyracks_v0.2@173