Lucene search
K

200 matches found

OSV
OSV
added 2021/04/26 7:12 a.m.10 views

SUSE-SU-2021:1315-1 Security update for apache-commons-io

This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string bsc1184755...

5.8CVSS6.4AI score0.10608EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/04/26 12:0 a.m.18 views

SUSE: Security Advisory (SUSE-SU-2021:1315-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS7.4AI score0.10608EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/04/24 12:0 a.m.26 views

openSUSE: Security Advisory for apache-commons-io (openSUSE-SU-2021:0605-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.8CVSS7AI score0.10608EPSS
Exploits1References2
OSV
OSV
added 2021/04/23 4:5 p.m.11 views

OPENSUSE-SU-2021:0605-1 Security update for apache-commons-io

This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string bsc1184755 This update was imported from the SUSE:SLE-15-SP2:Update update project...

5.8CVSS5.3AI score0.10608EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/23 12:0 a.m.45 views

Security update for apache-commons-io (moderate)

openSUSE Security Update: Security update for apache-commons-io Announcement ID: openSUSE-SU-2021:0605-1 Rating: moderate References: 1184755 Cross-References: CVE-2021-29425 CVSS scores: CVE-2021-29425 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-29425 SUSE: 4.3...

4.3CVSS6.7AI score0.10608EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/23 12:0 a.m.10 views

Apache Commons IO Path Traversal Vulnerability

Apache Commons IO is an application from the American Apache Foundation Apache Inc. It can help develop IO functionality. A path traversal vulnerability exists in Apache Commons IO versions 2.2 through 2.6. The vulnerability is related to the FileNameUtils.normalize method. An attacker can exploi...

5.8CVSS7AI score0.10608EPSS
Exploits1References1
OSV
OSV
added 2021/04/20 12:47 p.m.10 views

SUSE-SU-2021:1282-1 Security update for apache-commons-io

This update for apache-commons-io fixes the following issues: - CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string bsc1184755...

5.8CVSS6.3AI score0.10608EPSS
Exploits1References3
OSV
OSV
added 2021/04/13 7:15 a.m.9 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

4.8CVSS6.3AI score
Exploits0References47
NVD
NVD
added 2021/04/13 7:15 a.m.27 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

5.8CVSS0.10608EPSS
Exploits1References47
OSV
OSV
added 2021/04/13 7:15 a.m.2 views

DEBIAN-CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

4.8CVSS6.5AI score0.10608EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/04/13 6:50 a.m.22 views

CVE-2021-29425 Possible limited path traversal vulnerabily in Apache Commons IO

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

6.7AI score0.10608EPSS
Exploits1References47
CVE
CVE
added 2021/04/13 6:50 a.m.634 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wildExploits1References47Affected Software1
Debian CVE
Debian CVE
added 2021/04/13 6:50 a.m.42 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

5.8CVSS7.4AI score0.10608EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/04/13 12:0 a.m.65 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...

5.8CVSS6.8AI score0.10608EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/04/13 12:0 a.m.6 views

PT-2021-2689

Name of the Vulnerable Software and Affected Versions Apache Commons IO versions prior to 2.7 Description The issue is related to the FileNameUtils.normalize method in Apache Commons IO, which incorrectly handles directory traversal sequences such as "//../foo" or "..foo". This could allow a remo...

5.8CVSS6.8AI score0.10608EPSS
Exploits1References134
ATTACKERKB
ATTACKERKB
added 2021/04/13 12:0 a.m.116 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like “//../foo”, or “\..\foo”, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus “limited” path traversal,...

5.8CVSS6.5AI score0.10608EPSS
In wildExploits1References48
RedhatCVE
RedhatCVE
added 2021/04/12 9:16 p.m.60 views

CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...

5.8CVSS3.5AI score0.10608EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/04/12 12:0 a.m.3 views

Apache Commons IO 路径遍历漏洞

Apache Commons IO is an application from the American Apache Foundation Apache Inc. It can help develop IO functionality. A path traversal vulnerability exists in Apache Commons IO versions 2.2 through 2.6. The vulnerability is related to the FileNameUtils.normalize method. An attacker can exploi...

5.8CVSS8.1AI score0.10608EPSS
Exploits1References107
Rockylinux
Rockylinux
added 2020/11/03 12:32 p.m.7 views

3.6 bug fix and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

1.8AI score
Exploits0
Rockylinux
Rockylinux
added 2020/04/28 9:7 a.m.17 views

new module: maven:3.6

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

1.7AI score
Exploits0
Rows per page
Query Builder