Vulnerability Database

CVE-2021-29425

In Apache Commons IO before 2.7, invoking the method FilenameUtils.normalize with an improper input string, such as "//../foo" or "\..\foo", returns the same value unchanged. If the calling code uses the result to construct a path value, this may provide access to files in the parent directory, but not further above (hence a "limited" path traversal).
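
A caller-side containment check for the case described above, as an added example that is not code from Apache Commons IO or from this database: it validates the final resolved path instead of trusting a normalized string. The class name ContainedPath, the method resolveInside and the base directory data/uploads are hypothetical, and the check is lexical only (it does not resolve symbolic links).

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ContainedPath {

    /**
     * Resolves an untrusted name against baseDir and returns the result only
     * if it still lies strictly inside baseDir; otherwise throws.
     */
    static Path resolveInside(Path baseDir, String untrusted) {
        Path base = baseDir.toAbsolutePath().normalize();
        // Treat '\' as a separator on every platform, so "\..\foo" is handled
        // as a traversal attempt and not as an odd file name on Unix.
        String unified = untrusted.replace('\\', '/');
        Path candidate;
        try {
            candidate = base.resolve(unified).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("invalid path: " + untrusted, e);
        }
        // Component-wise prefix test on the final path, not on the input string.
        // An input that resolves to the base directory itself is also refused.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IllegalArgumentException("path escapes base directory: " + untrusted);
        }
        return candidate;
    }

    public static void main(String[] args) {
        Path base = Paths.get("data", "uploads"); // hypothetical base directory
        // Constructed inputs; the second and third are the strings quoted in the CVE text.
        String[] samples = { "reports/q1.txt", "//../foo", "\\..\\foo", "../foo", "a/../../foo" };
        for (String s : samples) {
            try {
                System.out.println("ACCEPT " + s + " -> " + resolveInside(base, s));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```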

CVSS v3:

  • Severity: Low
  • Score: 4.8
  • AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N

Software (vendor / product), From, Fixed in:
apache / commons_io 2.2 2.2.x
apache / commons_io 2.3 2.3.x
apache / commons_io 2.4 2.4.x
apache / commons_io 2.5 2.5.x
apache / commons_io 2.6 2.6.x
debian / debian_linux 9.0 9.0.x
oracle / weblogic_server 12.1.3.0.0 12.1.3.0.0.x
oracle / retail_integration_bus 13.0 13.0.x
oracle / flexcube_core_banking 5.2.0 5.2.0.x
oracle / solaris_cluster 4.0 4.0.x
oracle / access_manager 11.1.2.3.0 11.1.2.3.0.x
oracle / weblogic_server 12.2.1.3.0 12.2.1.3.0.x
oracle / webcenter_portal 12.2.1.3.0 12.2.1.3.0.x
oracle / access_manager 12.2.1.3.0 12.2.1.3.0.x
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / retail_order_broker 16.0 16.0.x
oracle / banking_platform 2.6.2 2.6.2.x
oracle / primavera_unifier 18.8 18.8.x
oracle / primavera_unifier 17.7 17.12.x
oracle / agile_plm 9.3.6 9.3.6.x
oracle / banking_digital_experience 18.3 18.3.x
oracle / banking_digital_experience 19.1 19.1.x
oracle / banking_digital_experience 18.1 18.1.x
oracle / weblogic_server 12.2.1.4.0 12.2.1.4.0.x
oracle / primavera_unifier 19.12 19.12.x
oracle / webcenter_portal 12.2.1.4.0 12.2.1.4.0.x
oracle / fusion_middleware_mapviewer 12.2.1.4.0 12.2.1.4.0.x
oracle / weblogic_server 14.1.1.0.0 14.1.1.0.0.x
oracle / banking_digital_experience 19.2 19.2.x
oracle / banking_digital_experience 20.1 20.1.x
oracle / enterprise_session_border_controller 8.4 8.4.x
oracle / retail_merchandising_system 16.0.3 16.0.3.x
oracle / banking_platform 2.7.0 2.7.0.x
oracle / banking_platform 2.7.1 2.7.1.x
oracle / agile_engineering_data_management 6.2.1.0 6.2.1.0.x
oracle / primavera_unifier 20.12 20.12.x
oracle / communications_order_and_service_management 7.4 7.4.x
oracle / retail_order_broker 18.0 18.0.x
oracle / insurance_rules_palette 11.0.2 11.0.2.x
oracle / insurance_rules_palette 11.1.0 11.1.0.x
oracle / communications_billing_and_revenue_management_elastic_charging_engine 11.3 11.3.x
oracle / communications_billing_and_revenue_management_elastic_charging_engine 12.0 12.0.x
oracle / communications_interactive_session_recorder 6.3 6.3.x
oracle / communications_interactive_session_recorder 6.4 6.4.x
oracle / commerce_guided_search 11.3.2 11.3.2.x
oracle / insurance_policy_administration 11.3.0 11.3.0.x
oracle / retail_xstore_point_of_service 17.0.4 17.0.4.x
oracle / retail_xstore_point_of_service 18.0.3 18.0.3.x
oracle / retail_xstore_point_of_service 19.0.2 19.0.2.x
oracle / retail_xstore_point_of_service 20.0.1 20.0.1.x
oracle / retail_service_backbone 15.0.3.1 15.0.3.1.x
oracle / retail_service_backbone 14.1.3.2 14.1.3.2.x
oracle / insurance_policy_administration 11.0.2 11.0.2.x
oracle / communications_cloud_native_core_unified_data_repository 1.4.0 1.4.0.x
oracle / retail_order_broker 19.1 19.1.x
oracle / enterprise_session_border_controller 9.0 9.0.x
oracle / healthcare_data_repository 8.1.0 8.1.0.x
oracle / communications_application_session_controller 3.9.0 3.9.0.x
oracle / communications_converged_application_server_-_service_controller 6.2 6.2.x
oracle / flexcube_core_banking 11.10.0 11.10.0.x
oracle / banking_enterprise_default_management 2.12.0 2.12.0.x
oracle / banking_enterprise_default_management 2.10.0 2.10.0.x
oracle / real_user_experience_insight 13.4.1.0 13.4.1.0.x
oracle / real_user_experience_insight 13.5.1.0 13.5.1.0.x
oracle / communications_cloud_native_core_network_repository_function 1.14.0 1.14.0.x
oracle / banking_party_management 2.7.0 2.7.0.x
oracle / retail_merchandising_system 19.0.1 19.0.1.x
oracle / retail_integration_bus 14.1.3.2 14.1.3.2.x
oracle / retail_integration_bus 15.0.3.1 15.0.3.1.x
oracle / retail_assortment_planning 16.0.3 16.0.3.x
oracle / communications_order_and_service_management 7.3 7.3.x
oracle / retail_size_profile_optimization 16.0.3 16.0.3.x
oracle / access_manager 12.2.1.4.0 12.2.1.4.0.x
oracle / financial_services_analytical_applications_infrastructure 8.0.7 8.1.1.x
oracle / communications_pricing_design_center 12.0.0.4.0 12.0.0.4.0.x
oracle / communications_convergence 3.0.2.2.0 3.0.2.2.0.x
oracle / primavera_unifier 21.12 21.12.x
oracle / utilities_testing_accelerator 6.0.0.2.2 6.0.0.2.2.x
oracle / utilities_testing_accelerator 6.0.0.3.1 6.0.0.3.1.x
oracle / utilities_testing_accelerator 6.0.0.1.1 6.0.0.1.1.x
oracle / retail_service_backbone 19.0.0 19.0.0.x
oracle / retail_service_backbone 16.0.1 16.0.3.x
oracle / retail_integration_bus 16.0.1 16.0.3.x
oracle / communications_service_broker 6.2 6.2.x
oracle / banking_digital_experience 21.1 21.1.x
oracle / banking_apis 19.1 19.1.x
oracle / banking_apis 19.2 19.2.x
oracle / banking_apis 20.1 20.1.x
oracle / banking_apis 21.1 21.1.x
oracle / communications_cloud_native_core_policy 1.14.0 1.14.0.x
oracle / application_performance_management 13.5.1.0 13.5.1.0.x
oracle / application_performance_management 13.4.1.0 13.4.1.0.x
oracle / banking_platform 2.3.0 2.4.1.x
oracle / banking_enterprise_default_managment 2.3.0 2.4.0.x
oracle / banking_apis 18.2 18.2.x
oracle / banking_digital_experience 17.2 17.2.x
oracle / banking_apis 18.1 18.1.x
oracle / banking_apis 18.3 18.3.x
oracle / communications_design_studio 7.3.5 7.3.5.x
oracle / financial_services_model_management_and_governance 8.0.8 8.1.1.x
oracle / enterprise_communications_broker 3.3 3.3.x
oracle / communications_offline_mediation_controller 12.0.0.3 12.0.0.3.x
oracle / oss_support_tools - 2.12.42
oracle / retail_service_backbone 14.1.3.0 14.1.3.0.x
oracle / retail_service_backbone 19.0.1 19.0.1.x
oracle / retail_integration_bus 14.1.3.0 14.1.3.0.x
oracle / retail_integration_bus 19.0.0 19.0.0.x
oracle / retail_integration_bus 19.0.1 19.0.1.x
oracle / insurance_rules_palette 11.3.1 11.3.1.x
oracle / insurance_policy_administration 11.1.0 11.1.0.x
oracle / insurance_policy_administration 11.3.1 11.3.1.x
oracle / banking_enterprise_default_management 2.7.0 2.7.0.x
oracle / banking_enterprise_default_management 2.7.1 2.7.1.x
oracle / banking_enterprise_default_management 2.6.2 2.6.2.x
oracle / insurance_rules_palette 11.3.0 11.3.0.x
oracle / communications_diameter_intelligence_hub 8.0.0 8.1.0.x
oracle / insurance_policy_administration 11.2.8 11.2.8.x
oracle / communications_diameter_intelligence_hub 8.2.0 8.2.3.x
oracle / communications_pricing_design_center 12.0.0.5.0 12.0.0.5.0.x
oracle / blockchain_platform - 21.1.2
oracle / insurance_rules_palette 11.2.8 11.2.8.x
oracle / health_sciences_information_manager 3.0.1 3.0.4.x
oracle / helidon 2.2.0 2.2.0.x
oracle / helidon 1.4.7 1.4.7.x
oracle / communications_policy_management 12.5.0.0.0 12.5.0.0.0.x
oracle / communications_design_studio 7.4.0 7.4.2.x
oracle / communications_contacts_server 8.0.0.6.0 8.0.0.6.0.x
oracle / rest_data_services - 21.2
oracle / rest_data_services 21.3 21.3.x
oracle / health_sciences_data_management_workbench 2.5.2.1 2.5.2.1.x
oracle / health_sciences_data_management_workbench 3.0.0.0 3.0.0.0.x
oracle / retail_pricing 19.0.1 19.0.1.x
oracle / flexcube_core_banking 11.6.0 11.8.0.x
commons-io / commons-io - 2.7