Count: 9
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
GHSA-9q4x-fr4m-jp86 Apache Commons VFS Has Relative Path Traversal Vulnerability | CVSS3: 7.5 | 0% Low | 8 months ago | |
CVE-2025-27553 Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue. | CVSS3: 7.5 | 0% Low | 8 months ago | |
CVE-2025-27553 Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue. | CVSS3: 5.3 | 0% Low | 8 months ago | |
CVE-2025-27553 Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue. | CVSS3: 7.5 | 0% Low | 8 months ago | |
CVE-2025-27553 Relative Path Traversal vulnerability in Apache Commons VFS before 2.1 ... | CVSS3: 7.5 | 0% Low | 8 months ago | |
ELSA-2025-10548 ELSA-2025-10548: apache-commons-vfs security update (MODERATE) | | | 4 months ago | |
BDU:2025-03216 Vulnerability in the resolveFile method of Apache Commons VFS (Virtual File System), a unified API for accessing various file systems, allowing an attacker to gain unauthorized access to protected information | CVSS3: 7.5 | 0% Low | 8 months ago | |
SUSE-SU-2025:1022-1 Security update for apache-commons-vfs2 | | | 8 months ago | |
ROS-20250827-03 Vulnerability in apache-commons-vfs | CVSS3: 7.5 | 0% Low | 3 months ago | |