{"schema_version": "1.6.1", "id": "CVE-2020-9479", "summary": "unzip directory traversal", "details": "When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d.\n\nNote: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "git"}, {"last_affected": "git"}]}]}], "references": [{"type": "ADVISORY", "url": "https://www.openwall.com/lists/oss-security/2020/08/08/2"}]}