Количество 9
Количество 9
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...
openSUSE-SU-2021:0605-1
Security update for apache-commons-io
SUSE-SU-2021:1315-1
Security update for apache-commons-io
SUSE-SU-2021:1282-1
Security update for apache-commons-io
GHSA-gwrp-pvrq-jmwv
Path Traversal and Improper Input Validation in Apache Commons IO
BDU:2021-02220
Уязвимость метода FileNameUtils.normalize библиотеки Apache Commons IO, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | CVSS3: 4.8 | 1% Низкий | почти 5 лет назад |
 | CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | CVSS3: 4.8 | 1% Низкий | почти 5 лет назад |
 | CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | CVSS3: 4.8 | 1% Низкий | почти 5 лет назад |
| CVE-2021-29425 In Apache Commons IO before 2.7, When invoking the method FileNameUtil ... | CVSS3: 4.8 | 1% Низкий | почти 5 лет назад |
 | openSUSE-SU-2021:0605-1 Security update for apache-commons-io | 1% Низкий | почти 5 лет назад | |
| SUSE-SU-2021:1315-1 Security update for apache-commons-io | 1% Низкий | почти 5 лет назад | |
| SUSE-SU-2021:1282-1 Security update for apache-commons-io | 1% Низкий | почти 5 лет назад | |
| GHSA-gwrp-pvrq-jmwv Path Traversal and Improper Input Validation in Apache Commons IO | CVSS3: 4.8 | 1% Низкий | почти 5 лет назад |
 | BDU:2021-02220 Уязвимость метода FileNameUtils.normalize библиотеки Apache Commons IO, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5.3 | 1% Низкий | почти 5 лет назад |
Уязвимостей на страницу