2 matches found
SUSE CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resolveFile method when the scope parameter is set to NameScope.DESCENDENT. An attacker can access files outside of the intended directory by including encoded directory traversal sequences such as %2E%2E...