Apache · Apache Mina Sshd · CVE-2026-48827
**Name of the Vulnerable Software and Affected Versions**
Apache MINA SSHD versions prior to 2.18.0
Apache MINA SSHD versions 3.0.0-M1 through 3.0.0-M3
**Description**
A path traversal issue exists in the `org.apache.sshd:sshd-git` bundle. Due to a lack of path validation in `git-upload-pack`, `git-receive-pack`, and other git operations, users authenticated over SSH can access git repositories located outside the configured git server root directory. Path traversal is a security flaw that allows an attacker to read or write files on the server outside of the intended folder by using special character sequences such as dot-dot-slash (`../`).
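The kind of path validation the description says was missing can be sketched as follows. This is an added example, not Apache MINA SSHD code and not the project's actual fix; the class `GitRootGuard`, its `resolve` method, and the sample directory layout are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Hypothetical helper: confines a client-supplied repository path to a server root. */
public final class GitRootGuard {
    private final Path root;

    public GitRootGuard(Path configuredRoot) throws IOException {
        // Canonicalize the root once so later comparisons are like-for-like.
        this.root = configuredRoot.toRealPath();
    }

    /** Returns the resolved repository directory, or throws if it lies outside the root. */
    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.indexOf('\0') >= 0) {
            throw new SecurityException("malformed repository path");
        }
        // Strip leading separators so the argument is always interpreted relative to the root.
        String relative = requested.replaceFirst("^[/\\\\]+", "");
        Path candidate = root.resolve(relative).normalize();
        // Lexical check: after normalization the path must still sit under the root.
        if (!candidate.startsWith(root)) {
            throw new SecurityException("repository path escapes git root");
        }
        // Symlink check: the real on-disk location must also be inside the root.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new SecurityException("repository path escapes git root via link");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/root/project.git and <tmp>/other.git
        Path tmp = Files.createTempDirectory("gitroot");
        Path rootDir = Files.createDirectories(tmp.resolve("root"));
        Files.createDirectories(rootDir.resolve("project.git"));
        Files.createDirectories(tmp.resolve("other.git"));
        GitRootGuard guard = new GitRootGuard(rootDir);
        for (String arg : new String[] {"/project.git", "project.git/../project.git",
                "../other.git", "/project.git/../../other.git"}) {
            try {
                System.out.println("ALLOW " + arg + " -> " + guard.resolve(arg));
            } catch (SecurityException e) {
                System.out.println("DENY  " + arg + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first two sample arguments resolve inside the root and are allowed; the last two normalize to a sibling of the root and are denied before any repository is opened.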
**Recommendations**
Upgrade to version 2.18.0.
Upgrade to version 3.0.0-M4.
Implement additional security controls to govern access to git repositories and operations rather than relying solely on file system layout and permissions.