OESA-2021-1182

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1182
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1182.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1182
Upstream
Published
2021-05-15T01:24:59Z
Modified
2025-08-13T09:18:28.893623Z
Summary
apache-commons-io security update
Details

The Apache Commons IO library is used for developing IO functionality. It contains a collection of utilities with utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Security Fix(es):

In Apache Commons IO before 2.7, when invoking the method FilenameUtils.normalize with an improper input string, like //../foo, or .. foo, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus limited path traversal), if the calling code would use the result to construct a path value. (CVE-2021-29425)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / apache-commons-io

Package

Name
apache-commons-io
Purl
pkg:rpm/openEuler/apache-commons-io&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.6-7.oe1

Ecosystem specific

{
    "src": [
        "apache-commons-io-2.6-7.oe1.src.rpm"
    ],
    "noarch": [
        "apache-commons-io-2.6-7.oe1.noarch.rpm",
        "apache-commons-io-help-2.6-7.oe1.noarch.rpm"
    ]
}