MEDIUM
Jcraft
CVE published 2017-01-19
CVE-2016-5725
CVE-2016-5725 describes a directory traversal issue in JCraft JSch before 0.1.54. On Windows, when ChannelSftp.OVERWRITE is used, a remote SFTP server can influence recursive GET handling so that a ..\ sequence in the server response may cause writes outside the intended destination. The impact is integrity-focused rather than confidentiality- or availability-focused, which matches the reported medium CVSS score.