6 matches found
EUVD-2025-7319
Malicious code in bioql PyPI...
CVE-2025-27553
A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...
GHSA-9Q4X-FR4M-JP86 Apache Commons VFS Has Relative Path Traversal Vulnerability
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
Apache Commons VFS Has Relative Path Traversal Vulnerability
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
CVE-2025-27553
CVE-2025-27553: Relative Path Traversal in Apache Commons VFS (FileObject.resolveFile with NameScope.DESCENDENT) can bypass descendent checks when paths contain encoded ".."; affected up to Commons VFS 2.9.x, fixed in 2.10.0. IBM bulletin aligns this vulnerability with IBM Content Collector for S...