{"vulnerability": "CVE-2023-35887", "sightings": [{"uuid": "1e332aad-81ff-47e6-9b29-8302ced60bbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35887", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto3hr7p2c", "content": "", "creation_timestamp": "2025-08-21T21:02:39.130480Z"}, {"uuid": "e75e0375-168b-4107-90a2-4258839bc612", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-35887", "type": "seen", "source": "https://t.me/cibsecurity/66258", "content": "\u203c CVE-2023-35887 \u203c\n\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-28T21:27:26.000000Z"}]}