Vulnerability Details : CVE-2021-29425
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Vulnerability category: Directory traversal, Input validation
Products affected by CVE-2021-29425
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*
- cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
- Oracle » Retail Integration Bus, versions >= 16.0.1 and <= 16.0.3: cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*
- Oracle » Health Sciences Information Manager, versions >= 3.0.1 and <= 3.0.4: cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
- Oracle » Retail Service Backbone, versions >= 16.0.1 and <= 16.0.3: cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*
- Oracle » Flexcube Core Banking, versions >= 11.6.0 and <= 11.8.0: cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications Infrastructure, versions >= 8.0.7 and <= 8.1.1: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*
- cpe:2.3:a:oracle:rest_data_services:21.3:*:*:*:-:*:*:*
- Oracle » Communications Design Studio, versions >= 7.4.0 and <= 7.4.2: cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
- Oracle » Financial Services Model Management And Governance, versions >= 8.0.8 and <= 8.1.1: cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
- Oracle » Banking Enterprise Default Managment, versions >= 2.3.0 and <= 2.4.0: cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*
- Oracle » Communications Diameter Intelligence Hub, versions >= 8.2.0 and <= 8.2.3: cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
- Oracle » Communications Diameter Intelligence Hub, versions >= 8.0.0 and <= 8.1.0: cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:helidon:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:helidon:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_pricing:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-29425
- 0.19%: probability of exploitation activity in the next 30 days
- ~ 57%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-29425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | 2.2 | 2.5 | NIST | |
CWE ids for CVE-2021-29425
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: security@apache.org (Secondary)
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-29425
- https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa@%3Cnotifications.zookeeper.apache.org%3E
  Pony Mail! (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375@%3Cdev.creadur.apache.org%3E
  [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db@%3Cnotifications.zookeeper.apache.org%3E
  Pony Mail! (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80@%3Cpluto-dev.portals.apache.org%3E
  Pony Mail! (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34@%3Cdev.myfaces.apache.org%3E
  [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix - Pony Mail (Mailing List; Third Party Advisory; Vendor Advisory)
- https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8@%3Cdev.creadur.apache.org%3E
  [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425 - Pony Mail (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20220210-0004/
  CVE-2021-29425 Apache Commons IO Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a@%3Cuser.commons.apache.org%3E
  commons-fileupload dependency and CVE - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2@%3Ccommits.zookeeper.apache.org%3E
  [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Patch; Third Party Advisory)
- https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa@%3Cuser.commons.apache.org%3E
  Re: commons-fileupload dependency and CVE - Pony Mail (Mailing List; Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2022.html
  Oracle Critical Patch Update Advisory - April 2022 (Patch; Third Party Advisory)
- https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a@%3Cdev.creadur.apache.org%3E
  [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31@%3Cdev.commons.apache.org%3E
  Re: [all] OSS Fuzz - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c@%3Cdev.creadur.apache.org%3E
  [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04@%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E
  Pony Mail! (Mailing List; Vendor Advisory)
- https://www.oracle.com/security-alerts/cpujan2022.html
  Oracle Critical Patch Update Advisory - January 2022 (Patch; Third Party Advisory)
- https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html
  [SECURITY] [DLA 2741-1] commons-io security update (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0@%3Cpluto-dev.portals.apache.org%3E
  [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e@%3Cpluto-scm.portals.apache.org%3E
  [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425 - Pony Mail (Mailing List; Patch; Third Party Advisory)
- https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29@%3Cissues.zookeeper.apache.org%3E
  [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d@%3Cdev.zookeeper.apache.org%3E
  [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71@%3Ccommits.pulsar.apache.org%3E
  [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330@%3Cdev.commons.apache.org%3E
  Re: [all] OSS Fuzz - Pony Mail (Mailing List; Vendor Advisory)
- https://issues.apache.org/jira/browse/IO-556
  [IO-556] Unexpected behavior of FileNameUtils.normalize may lead to limited path traversal vulnerabilies - ASF JIRA (Exploit; Issue Tracking; Vendor Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html
  Oracle Critical Patch Update Advisory - October 2021 (Third Party Advisory)
- https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436@%3Ccommits.pulsar.apache.org%3E
  [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b@%3Cissues.zookeeper.apache.org%3E
  [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5@%3Cdev.creadur.apache.org%3E
  Pony Mail! (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c@%3Cdev.creadur.apache.org%3E
  [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity - Pony Mail (Mailing List; Vendor Advisory)
- https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
  Pony Mail! (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5@%3Cdev.creadur.apache.org%3E
  [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401@%3Cdev.creadur.apache.org%3E
  [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity - Pony Mail (Mailing List; Vendor Advisory)
- https://www.oracle.com/security-alerts/cpujul2022.html
  Oracle Critical Patch Update Advisory - July 2022 (Patch; Third Party Advisory)
- https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19@%3Cdev.creadur.apache.org%3E
  [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2@%3Cissues.zookeeper.apache.org%3E
  [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)
- https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6@%3Cnotifications.zookeeper.apache.org%3E
  [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) - Pony Mail (Mailing List; Third Party Advisory)