PT-2022-9023 · Calsign · Calsign Apde
Published: 2022-12-25 · Updated: 2024-05-17 · CVE-2020-36628
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Calsign APDE versions prior to 0.5.2-pre2-alpha
Description
A critical issue has been found in the ZIP File Handler component of Calsign APDE, affecting the handleExtract function in the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java. This issue leads to path traversal.
Recommendations
For versions prior to 0.5.2-pre2-alpha, upgrade to version 0.5.2-pre2-alpha to address this issue. As a temporary workaround, consider restricting access to the handleExtract function until the upgrade is applied.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Calsign Apde