6 matches found
EUVD-2025-7319
Malicious code in bioql PyPI...
CVE-2025-27553
A flaw was found in Apache Commons VFS. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains...
Apache Commons VFS Has Relative Path Traversal Vulnerability
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
GHSA-9Q4X-FR4M-JP86 Apache Commons VFS Has Relative Path Traversal Vulnerability
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
CVE-2025-27553
CVE-2025-27553: Relative Path Traversal in Apache Commons VFS (FileObject.resolveFile with NameScope.DESCENDENT) can bypass descendent checks when paths contain encoded ".."; affected up to Commons VFS 2.9.x, fixed in 2.10.0. IBM bulletin aligns this vulnerability with IBM Content Collector for S...