Описание
Security update for apache-commons-io
This update for apache-commons-io fixes the following issues:
- CVE-2021-29425: Limited path traversal when invoking the method FileNameUtils.normalize with an improper input string (bsc#1184755).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
apache-commons-io-2.4-9.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
apache-commons-io-2.4-9.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
apache-commons-io-2.4-9.3.1
Ссылки
- Link for SUSE-SU-2021:1315-1
- E-Mail link for SUSE-SU-2021:1315-1
- SUSE Security Ratings
- SUSE Bug 1184755
- SUSE CVE CVE-2021-29425 page
Описание
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:apache-commons-io-2.4-9.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-io-2.4-9.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:apache-commons-io-2.4-9.3.1
Ссылки
- CVE-2021-29425
- SUSE Bug 1184755