CVE-2021-29425 (CNNVD-202104-702)

MEDIUM
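Chinese title:
Apache Commons IO path traversal vulnerability
English title:
Possible limited path traversal vulnerability in Apache Commons IO
CVSS score: 4.8
Published: 2021-04-13 06:50:12
Vulnerability type: Path traversal
Status: PUBLISHED
Data quality score: 0.30
Data version: v3
Vulnerability description
Chinese description: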

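Apache Commons IO is an application from the Apache Software Foundation (USA) that provides utilities to help develop IO functionality. Apache Commons IO versions 2.2 through 2.6 contain a path traversal vulnerability: when the FileNameUtils.normalize method is called with an improper input string (for example "//../foo" or "\\..\foo"), it may provide access to files in the parent directory.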

English description:

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

CWE type:
CWE-20 CWE-22
Tags:
(no data)
Affected products
Vendor Product Version Version range Platform CPE
Apache Software Foundation Apache Commons IO Apache Commons IO 2.2 - - cpe:2.3:a:apache_software_foundation:apache_commons_io:apache_commons_io_2.2:*:*:*:*:*:*:*
Apache Software Foundation Apache Commons IO Apache Commons IO 2.3 - - cpe:2.3:a:apache_software_foundation:apache_commons_io:apache_commons_io_2.3:*:*:*:*:*:*:*
Apache Software Foundation Apache Commons IO Apache Commons IO 2.4 - - cpe:2.3:a:apache_software_foundation:apache_commons_io:apache_commons_io_2.4:*:*:*:*:*:*:*
Apache Software Foundation Apache Commons IO Apache Commons IO 2.5 - - cpe:2.3:a:apache_software_foundation:apache_commons_io:apache_commons_io_2.5:*:*:*:*:*:*:*
Apache Software Foundation Apache Commons IO Apache Commons IO 2.6 - - cpe:2.3:a:apache_software_foundation:apache_commons_io:apache_commons_io_2.6:*:*:*:*:*:*:*
apache commons_io 2.2 - - cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*
apache commons_io 2.3 - - cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*
apache commons_io 2.4 - - cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*
apache commons_io 2.5 - - cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*
apache commons_io 2.6 - - cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*
debian debian_linux 9.0 - - cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
oracle access_manager 11.1.2.3.0 - - cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*
oracle access_manager 12.2.1.3.0 - - cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*
oracle access_manager 12.2.1.4.0 - - cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
oracle agile_engineering_data_management 6.2.1.0 - - cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
oracle agile_plm 9.3.6 - - cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
oracle application_performance_management 13.4.1.0 - - cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*
oracle application_performance_management 13.5.1.0 - - cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*
oracle application_testing_suite 13.3.0.1 - - cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oracle banking_apis 18.1 - - cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*
oracle banking_apis 18.2 - - cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*
oracle banking_apis 18.3 - - cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*
oracle banking_apis 19.1 - - cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
oracle banking_apis 19.2 - - cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
oracle banking_apis 20.1 - - cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
oracle banking_apis 21.1 - - cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
oracle banking_digital_experience 17.2 - - cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*
oracle banking_digital_experience 18.1 - - cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
oracle banking_digital_experience 18.3 - - cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
oracle banking_digital_experience 19.1 - - cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
oracle banking_digital_experience 19.2 - - cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
oracle banking_digital_experience 20.1 - - cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
oracle banking_digital_experience 21.1 - - cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.6.2 - - cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.7.0 - - cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.7.1 - - cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.10.0 - - cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.12.0 - - cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
oracle banking_enterprise_default_managment * - - cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*
oracle banking_party_management 2.7.0 - - cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
oracle banking_platform * - - cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
oracle banking_platform 2.6.2 - - cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
oracle banking_platform 2.7.0 - - cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
oracle banking_platform 2.7.1 - - cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
oracle blockchain_platform * - - cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
oracle commerce_guided_search 11.3.2 - - cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
oracle communications_application_session_controller 3.9.0 - - cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3 - - cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0 - - cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_network_repository_function 1.14.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_policy 1.14.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_unified_data_repository 1.4.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
oracle communications_contacts_server 8.0.0.6.0 - - cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*
oracle communications_converged_application_server_-_service_controller 6.2 - - cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
oracle communications_convergence 3.0.2.2.0 - - cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
oracle communications_design_studio * - - cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*
oracle communications_design_studio 7.3.5 - - cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
oracle communications_diameter_intelligence_hub * - - cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oracle communications_interactive_session_recorder 6.3 - - cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
oracle communications_interactive_session_recorder 6.4 - - cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
oracle communications_offline_mediation_controller 12.0.0.3 - - cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
oracle communications_order_and_service_management 7.3 - - cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
oracle communications_order_and_service_management 7.4 - - cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
oracle communications_policy_management 12.5.0.0.0 - - cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*
oracle communications_pricing_design_center 12.0.0.4.0 - - cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
oracle communications_pricing_design_center 12.0.0.5.0 - - cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*
oracle communications_service_broker 6.2 - - cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.3 - - cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 8.4 - - cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 9.0 - - cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
oracle financial_services_analytical_applications_infrastructure * - - cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
oracle financial_services_model_management_and_governance * - - cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*
oracle flexcube_core_banking * - - cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
oracle flexcube_core_banking 5.2.0 - - cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
oracle flexcube_core_banking 11.10.0 - - cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*
oracle fusion_middleware_mapviewer 12.2.1.4.0 - - cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
oracle health_sciences_data_management_workbench 2.5.2.1 - - cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
oracle health_sciences_data_management_workbench 3.0.0.0 - - cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
oracle health_sciences_information_manager * - - cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
oracle healthcare_data_repository 8.1.0 - - cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
oracle helidon 1.4.7 - - cpe:2.3:a:oracle:helidon:1.4.7:*:*:*:*:*:*:*
oracle helidon 2.2.0 - - cpe:2.3:a:oracle:helidon:2.2.0:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.0.2 - - cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.1.0 - - cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.2.8 - - cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.3.0 - - cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.3.1 - - cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.0.2 - - cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.1.0 - - cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.2.8 - - cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.3.0 - - cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*
oracle insurance_rules_palette 11.3.1 - - cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*
oracle oss_support_tools * - - cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*
oracle primavera_unifier * - - cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
oracle primavera_unifier 18.8 - - cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
oracle primavera_unifier 19.12 - - cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
oracle primavera_unifier 20.12 - - cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
oracle primavera_unifier 21.12 - - cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
oracle real_user_experience_insight 13.4.1.0 - - cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
oracle real_user_experience_insight 13.5.1.0 - - cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
oracle rest_data_services * - - cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*
oracle rest_data_services 21.3 - - cpe:2.3:a:oracle:rest_data_services:21.3:*:*:*:-:*:*:*
oracle retail_assortment_planning 16.0.3 - - cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*
oracle retail_integration_bus * - - cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*
oracle retail_integration_bus 13.0 - - cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*
oracle retail_integration_bus 14.1.3.0 - - cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*
oracle retail_integration_bus 14.1.3.2 - - cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
oracle retail_integration_bus 15.0.3.1 - - cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
oracle retail_integration_bus 19.0.0 - - cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*
oracle retail_integration_bus 19.0.1 - - cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
oracle retail_merchandising_system 16.0.3 - - cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
oracle retail_merchandising_system 19.0.1 - - cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
oracle retail_order_broker 16.0 - - cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
oracle retail_order_broker 18.0 - - cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*
oracle retail_order_broker 19.1 - - cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*
oracle retail_pricing 19.0.1 - - cpe:2.3:a:oracle:retail_pricing:19.0.1:*:*:*:*:*:*:*
oracle retail_service_backbone * - - cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
oracle retail_service_backbone 14.1.3.0 - - cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*
oracle retail_service_backbone 14.1.3.2 - - cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
oracle retail_service_backbone 15.0.3.1 - - cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
oracle retail_service_backbone 19.0.0 - - cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*
oracle retail_service_backbone 19.0.1 - - cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*
oracle retail_size_profile_optimization 16.0.3 - - cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 17.0.4 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 18.0.3 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 19.0.2 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 20.0.1 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
oracle solaris_cluster 4.0 - - cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*
oracle utilities_testing_accelerator 6.0.0.1.1 - - cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
oracle utilities_testing_accelerator 6.0.0.2.2 - - cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
oracle utilities_testing_accelerator 6.0.0.3.1 - - cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
oracle webcenter_portal 12.2.1.3.0 - - cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
oracle webcenter_portal 12.2.1.4.0 - - cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
oracle weblogic_server 12.1.3.0.0 - - cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.3.0 - - cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.4.0 - - cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
oracle weblogic_server 14.1.1.0.0 - - cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
netapp active_iq_unified_manager - - - cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
Solution
Chinese solution:
(no data)
English solution:
(no data)
Temporary workaround:
(no data)
Reference links (source for all entries: cve.org)
Untitled x_refsource_MISC
Untitled x_refsource_MISC
[commons-dev] 20210414 Re: [all] OSS Fuzz mailing-list
[commons-dev] 20210415 Re: [all] OSS Fuzz mailing-list
[pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 mailing-list
[pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 mailing-list
[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity mailing-list
[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity mailing-list
[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity mailing-list
[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity mailing-list
[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) mailing-list
[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix mailing-list
[creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425 mailing-list
[creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425 mailing-list
[creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425 mailing-list
[creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425 mailing-list
[kafka-users] 20210617 vulnerabilities mailing-list
[creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity mailing-list
[commons-user] 20210709 commons-fileupload dependency and CVE mailing-list
[commons-user] 20210709 Re: commons-fileupload dependency and CVE mailing-list
[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 mailing-list
[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 mailing-list
[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425 mailing-list
[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 mailing-list
[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) mailing-list
[zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 mailing-list
[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) mailing-list
[zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 mailing-list
[zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) mailing-list
[debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update mailing-list
[zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) mailing-list
[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 mailing-list
Untitled x_refsource_MISC
Untitled x_refsource_MISC
Untitled x_refsource_MISC
Untitled x_refsource_CONFIRM
Untitled x_refsource_MISC
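CVSS score details
4.8
MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS version: 3.1
Confidentiality
LOW
Integrity
LOW
Availability
NONE
Time information
Published:
2021-04-13 06:50:12
Modified:
2024-08-03 22:02:51
Created:
2025-11-11 15:36:48
Updated:
2025-11-11 15:56:43
Exploit information
No exploit code information available
Data source details
Data source Record ID Version Extraction time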
CVE cve_CVE-2021-29425 2025-11-11 15:20:55 2025-11-11 07:36:48
NVD nvd_CVE-2021-29425 2025-11-11 14:57:35 2025-11-11 07:45:07
CNNVD cnnvd_CNNVD-202104-702 2025-11-11 15:10:37 2025-11-11 07:56:43
Version and language
Current version: v3
Primary language: EN
Supported languages:
EN ZH
Security advisories
No security advisory information available
Change history
v3 CNNVD
2025-11-11 15:56:43
vulnerability_type: not extracted → path traversal; cnnvd_id: not extracted → CNNVD-202104-702; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:45:07
cvss_score: not extracted → 4.8; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 5 → 138; data_sources: ['cve'] → ['cve', 'nvd']