
CVE: 2021-29425 found in Apache Commons IO - Version: 2.2 [JAVA] #842

@github-actions

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Commons IO |
| Description | The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. |
| Language | JAVA |
| Vulnerability | Directory Traversal |
| Vulnerability description | commons-io is vulnerable to directory traversal. Invoking the method FileNameUtils.normalize with a malicious input string would potentially allow access to files within the parent directory. |
| CVE | 2021-29425 |
| CVSS score | 5.8 |
| Vulnerability present in version/s | 2.2-2.6 |
| Found library version/s | 2.2 |
| Vulnerability fixed in version | 2.7 |
| Library latest version | 2.11.0 |
| Fix | |

Links:
