200 matches found
SUSE-SU-2021:1315-1 Security update for apache-commons-io
This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string bsc1184755...
SUSE: Security Advisory (SUSE-SU-2021:1315-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for apache-commons-io (openSUSE-SU-2021:0605-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0605-1 Security update for apache-commons-io
This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string bsc1184755 This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for apache-commons-io (moderate)
openSUSE Security Update: Security update for apache-commons-io Announcement ID: openSUSE-SU-2021:0605-1 Rating: moderate References: 1184755 Cross-References: CVE-2021-29425 CVSS scores: CVE-2021-29425 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-29425 SUSE: 4.3...
Apache Commons IO Path Traversal Vulnerability
Apache Commons IO is an application from the American Apache Foundation Apache Inc. It can help develop IO functionality. A path traversal vulnerability exists in Apache Commons IO versions 2.2 through 2.6. The vulnerability is related to the FileNameUtils.normalize method. An attacker can exploi...
SUSE-SU-2021:1282-1 Security update for apache-commons-io
This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string bsc1184755...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
DEBIAN-CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
CVE-2021-29425 Possible limited path traversal vulnerabily in Apache Commons IO
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
PT-2021-2689
Name of the Vulnerable Software and Affected Versions Apache Commons IO versions prior to 2.7 Description The issue is related to the FileNameUtils.normalize method in Apache Commons IO, which incorrectly handles directory traversal sequences such as "//../foo" or "..foo". This could allow a remo...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like “//../foo”, or “\..\foo”, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus “limited” path traversal,...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...
Apache Commons IO 路径遍历漏洞
Apache Commons IO is an application from the American Apache Foundation Apache Inc. It can help develop IO functionality. A path traversal vulnerability exists in Apache Commons IO versions 2.2 through 2.6. The vulnerability is related to the FileNameUtils.normalize method. An attacker can exploi...
3.6 bug fix and enhancement update
An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...
new module: maven:3.6
An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...