Published: 13/04/2021 Updated: 21/11/2024

In Apache Commons IO prior to 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache commons io 2.2
apache commons io 2.3
apache commons io 2.4
apache commons io 2.5
apache commons io 2.6
debian debian linux 9.0
oracle access manager 11.1.2.3.0
oracle access manager 12.2.1.3.0
oracle access manager 12.2.1.4.0
oracle agile engineering data management 6.2.1.0
oracle agile plm 9.3.6
oracle application performance management 13.4.1.0
oracle application performance management 13.5.1.0
oracle application testing suite 13.3.0.1
oracle banking apis 18.1
oracle banking apis 18.2
oracle banking apis 18.3
oracle banking apis 19.1
oracle banking apis 19.2
oracle banking apis 20.1
oracle banking apis 21.1
oracle banking digital experience 17.2
oracle banking digital experience 18.1
oracle banking digital experience 18.3
oracle banking digital experience 19.1
oracle banking digital experience 19.2
oracle banking digital experience 20.1
oracle banking digital experience 21.1
oracle banking enterprise default management 2.6.2
oracle banking enterprise default management 2.7.0
oracle banking enterprise default management 2.7.1
oracle banking enterprise default management 2.10.0
oracle banking enterprise default management 2.12.0
oracle banking enterprise default managment
oracle banking party management 2.7.0
oracle banking platform
oracle banking platform 2.6.2
oracle banking platform 2.7.0
oracle banking platform 2.7.1
oracle blockchain platform
oracle commerce guided search 11.3.2
oracle communications application session controller 3.9.0
oracle communications billing and revenue management elastic charging engine 11.3
oracle communications billing and revenue management elastic charging engine 12.0
oracle communications cloud native core network repository function 1.14.0
oracle communications cloud native core policy 1.14.0
oracle communications cloud native core unified data repository 1.4.0
oracle communications contacts server 8.0.0.6.0
oracle communications converged application server - service controller 6.2
oracle communications convergence 3.0.2.2.0
oracle communications design studio
oracle communications design studio 7.3.5
oracle communications diameter intelligence hub
oracle communications interactive session recorder 6.3
oracle communications interactive session recorder 6.4
oracle communications offline mediation controller 12.0.0.3
oracle communications order and service management 7.3
oracle communications order and service management 7.4
oracle communications policy management 12.5.0.0.0
oracle communications pricing design center 12.0.0.4.0
oracle communications pricing design center 12.0.0.5.0
oracle communications service broker 6.2
oracle enterprise communications broker 3.3
oracle enterprise session border controller 8.4
oracle enterprise session border controller 9.0
oracle financial services analytical applications infrastructure
oracle financial services model management and governance
oracle flexcube core banking
oracle flexcube core banking 5.2.0
oracle flexcube core banking 11.10.0
oracle fusion middleware mapviewer 12.2.1.4.0
oracle health sciences data management workbench 2.5.2.1
oracle health sciences data management workbench 3.0.0.0
oracle health sciences information manager
oracle healthcare data repository 8.1.0
oracle helidon 1.4.7
oracle helidon 2.2.0
oracle insurance policy administration 11.0.2
oracle insurance policy administration 11.1.0
oracle insurance policy administration 11.2.8
oracle insurance policy administration 11.3.0
oracle insurance policy administration 11.3.1
oracle insurance rules palette 11.0.2
oracle insurance rules palette 11.1.0
oracle insurance rules palette 11.2.8
oracle insurance rules palette 11.3.0
oracle insurance rules palette 11.3.1
oracle oss support tools
oracle primavera unifier
oracle primavera unifier 18.8
oracle primavera unifier 19.12
oracle primavera unifier 20.12
oracle primavera unifier 21.12
oracle real user experience insight 13.4.1.0
oracle real user experience insight 13.5.1.0
oracle rest data services
oracle rest data services 21.3
oracle retail assortment planning 16.0.3
oracle retail integration bus
oracle retail integration bus 13.0
oracle retail integration bus 14.1.3.0
oracle retail integration bus 14.1.3.2
oracle retail integration bus 15.0.3.1
oracle retail integration bus 19.0.0
oracle retail integration bus 19.0.1
oracle retail merchandising system 16.0.3
oracle retail merchandising system 19.0.1
oracle retail order broker 16.0
oracle retail order broker 18.0
oracle retail order broker 19.1
oracle retail pricing 19.0.1
oracle retail service backbone
oracle retail service backbone 14.1.3.0
oracle retail service backbone 14.1.3.2
oracle retail service backbone 15.0.3.1
oracle retail service backbone 19.0.0
oracle retail service backbone 19.0.1
oracle retail size profile optimization 16.0.3
oracle retail xstore point of service 17.0.4
oracle retail xstore point of service 18.0.3
oracle retail xstore point of service 19.0.2
oracle retail xstore point of service 20.0.1
oracle solaris cluster 4.0
oracle utilities testing accelerator 6.0.0.1.1
oracle utilities testing accelerator 6.0.0.2.2
oracle utilities testing accelerator 6.0.0.3.1
oracle webcenter portal 12.2.1.3.0
oracle webcenter portal 12.2.1.4.0
oracle weblogic server 12.1.3.0.0
oracle weblogic server 12.2.1.3.0
oracle weblogic server 12.2.1.4.0
oracle weblogic server 14.1.1.0.0
netapp active iq unified manager -

Synopsis Moderate: Red Hat Process Automation Manager 7121 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...

Synopsis Moderate: Red Hat Decision Manager 7121 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Decision ManagerRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

In Apache Commons IO before 27, When invoking the method FileNameUtilsnormalize with an improper input string, like "///foo", or "\\\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to const ...

No description is available for this CVE ...

Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer Affected products and versions are listed below Please upgrade your version to the appropriate version To find fixed products, need to find same number following product name in [Affected products] and [Fixed products] ...

Hi, I'd like to inform you about a possible limited path traversal vulnerability, that has been detected in Apache Commons IO 22 to 26 This is now being tracked as CVE-2021-29425 Fortunately, this has already been covered in versions 27, and 28 On behalf of the Apache Commons team, Jochen Wiedmann Description: In Apache Commons IO befo ...

Get Started

CVE-2021-29425

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect