Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-29425

Опубликовано: 13 апр. 2021
Источник: nvd
CVSS3: 4.8
CVSS2: 5.8
EPSS Низкий

Описание

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*
cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*
cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*
cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*
cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*
Версия от 2.3.0 (включая) до 2.4.0 (включая)
cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
Версия от 2.3.0 (включая) до 2.4.1 (включая)
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Версия до 21.1.2 (исключая)
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*
Версия от 7.4.0 (включая) до 7.4.2 (включая)
cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.1.0 (включая)
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.3 (включая)
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
Версия от 8.0.7 (включая) до 8.1.1 (включая)
cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*
Версия от 8.0.8 (включая) до 8.1.1 (включая)
cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
Версия от 11.6.0 (включая) до 11.8.0 (включая)
cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
Версия от 3.0.1 (включая) до 3.0.4 (включая)
cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:helidon:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:helidon:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
Версия до 2.12.42 (исключая)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Версия от 17.7 (включая) до 17.12 (включая)
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*
Версия до 21.2 (исключая)
cpe:2.3:a:oracle:rest_data_services:21.3:*:*:*:-:*:*:*
cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
Версия от 16.0.1 (включая) до 16.0.3 (включая)
cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_pricing:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
Версия от 16.0.1 (включая) до 16.0.3 (включая)
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

EPSS

Процентиль: 69%
0.00606
Низкий

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-20
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2021-29425

CVSS3: 4.8
ubuntu
почти 5 лет назад

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

redhat логотип

CVE-2021-29425

CVSS3: 4.8
redhat
почти 5 лет назад

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

debian логотип

CVE-2021-29425

CVSS3: 4.8
debian
почти 5 лет назад

In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...

suse-cvrf логотип

openSUSE-SU-2021:0605-1

suse-cvrf
почти 5 лет назад

Security update for apache-commons-io

suse-cvrf логотип

SUSE-SU-2021:1315-1

suse-cvrf
почти 5 лет назад

Security update for apache-commons-io

EPSS

Процентиль: 69%
0.00606
Низкий

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-20
CWE-22