CVE-2021-29425
Summary
| CVE | CVE-2021-29425 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-13 07:15:00 UTC |
| Updated | 2023-11-07 03:32:00 UTC |
| Description | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Commons Io | All | All | All | All |
| Application | Apache | Commons Io | 2.2 | - | All | All |
| Application | Apache | Commons Io | 2.3 | - | All | All |
| Application | Apache | Commons Io | 2.4 | - | All | All |
| Application | Apache | Commons Io | 2.5 | - | All | All |
| Application | Apache | Commons Io | 2.6 | - | All | All |
| Application | Apache | Pluto | All | All | All | All |
| Application | Apache | Whisker | All | All | All | All |
| Application | Apache | Whisker | 0.2 | All | All | All |
| Application | Apache | Zookeeper | 3.8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Oracle | Access Manager | 11.1.2.3.0 | All | All | All |
| Application | Oracle | Access Manager | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Access Manager | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Agile Engineering Data Management | 6.2.1.0 | All | All | All |
| Application | Oracle | Agile Plm | 9.3.6 | All | All | All |
| Application | Oracle | Application Performance Management | 13.4.1.0 | All | All | All |
| Application | Oracle | Application Performance Management | 13.5.1.0 | All | All | All |
| Application | Oracle | Application Testing Suite | 13.3.0.1 | All | All | All |
| Application | Oracle | Banking Apis | 18.1 | All | All | All |
| Application | Oracle | Banking Apis | 18.2 | All | All | All |
| Application | Oracle | Banking Apis | 18.3 | All | All | All |
| Application | Oracle | Banking Apis | 19.1 | All | All | All |
| Application | Oracle | Banking Apis | 19.2 | All | All | All |
| Application | Oracle | Banking Apis | 20.1 | All | All | All |
| Application | Oracle | Banking Apis | 21.1 | All | All | All |
| Application | Oracle | Banking Digital Experience | 17.2 | All | All | All |
| Application | Oracle | Banking Digital Experience | 18.1 | All | All | All |
| Application | Oracle | Banking Digital Experience | 18.3 | All | All | All |
| Application | Oracle | Banking Digital Experience | 19.1 | All | All | All |
| Application | Oracle | Banking Digital Experience | 19.2 | All | All | All |
| Application | Oracle | Banking Digital Experience | 20.1 | All | All | All |
| Application | Oracle | Banking Digital Experience | 21.1 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.10.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.12.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.6.2 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.7.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Management | 2.7.1 | All | All | All |
| Application | Oracle | Banking Enterprise Default Managment | 2.10.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Managment | 2.12.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Managment | 2.6.2 | All | All | All |
| Application | Oracle | Banking Enterprise Default Managment | 2.7.0 | All | All | All |
| Application | Oracle | Banking Enterprise Default Managment | 2.7.1 | All | All | All |
| Application | Oracle | Banking Enterprise Default Managment | All | All | All | All |
| Application | Oracle | Banking Party Management | 2.7.0 | All | All | All |
| Application | Oracle | Banking Platform | 2.6.2 | All | All | All |
| Application | Oracle | Banking Platform | 2.7.0 | All | All | All |
| Application | Oracle | Banking Platform | 2.7.1 | All | All | All |
| Application | Oracle | Banking Platform | All | All | All | All |
| Application | Oracle | Blockchain Platform | All | All | All | All |
| Application | Oracle | Commerce Guided Search | 11.3.2 | All | All | All |
| Application | Oracle | Communications Application Session Controller | 3.9.0 | All | All | All |
| Application | Oracle | Communications Billing And Revenue Management Elastic Charging Engine | 11.3 | All | All | All |
| Application | Oracle | Communications Billing And Revenue Management Elastic Charging Engine | 12.0 | All | All | All |
| Application | Oracle | Communications Calendar Server | 8.0.0.6.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Repository Function | 1.14.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Policy | 1.14.0 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Unified Data Repository | 1.4.0 | All | All | All |
| Application | Oracle | Communications Contacts Server | 8.0.0.6.0 | All | All | All |
| Application | Oracle | Communications Converged Application Server - Service Controller | 6.2 | All | All | All |
| Application | Oracle | Communications Convergence | 3.0.2.2.0 | All | All | All |
| Application | Oracle | Communications Design Studio | 7.3.5 | All | All | All |
| Application | Oracle | Communications Design Studio | All | All | All | All |
| Application | Oracle | Communications Diameter Intelligence Hub | All | All | All | All |
| Application | Oracle | Communications Diameter Intelligence Hub | All | All | All | All |
| Application | Oracle | Communications Interactive Session Recorder | 6.3 | All | All | All |
| Application | Oracle | Communications Interactive Session Recorder | 6.4 | All | All | All |
| Operating System | Oracle | Communications Messaging Server | 8.1 | All | All | All |
| Application | Oracle | Communications Metasolv Solution | 6.3.1 | All | All | All |
| Application | Oracle | Communications Offline Mediation Controller | 12.0.0.3 | All | All | All |
| Application | Oracle | Communications Order And Service Management | 7.3 | All | All | All |
| Application | Oracle | Communications Order And Service Management | 7.4 | All | All | All |
| Application | Oracle | Communications Policy Management | 12.5.0.0.0 | All | All | All |
| Application | Oracle | Communications Pricing Design Center | 12.0.0.4.0 | All | All | All |
| Application | Oracle | Communications Pricing Design Center | 12.0.0.5.0 | All | All | All |
| Application | Oracle | Communications Service Broker | 6.2 | All | All | All |
| Application | Oracle | Documaker | All | All | All | All |
| Application | Oracle | Enterprise Communications Broker | 3.3 | All | All | All |
| Application | Oracle | Enterprise Session Border Controller | 8.4 | All | All | All |
| Application | Oracle | Enterprise Session Border Controller | 9.0 | All | All | All |
| Application | Oracle | Financial Services Analytical Applications Infrastructure | All | All | All | All |
| Application | Oracle | Financial Services Model Management And Governance | All | All | All | All |
| Application | Oracle | Flexcube Core Banking | 11.10.0 | All | All | All |
| Application | Oracle | Flexcube Core Banking | 5.2.0 | All | All | All |
| Application | Oracle | Flexcube Core Banking | All | All | All | All |
| Application | Oracle | Fusion Middleware Mapviewer | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Goldengate Application Adapters | 19.1.0.0.0 | All | All | All |
| Application | Oracle | Healthcare Data Repository | 8.1.0 | All | All | All |
| Application | Oracle | Health Sciences Data Management Workbench | 2.5.2.1 | All | All | All |
| Application | Oracle | Health Sciences Data Management Workbench | 3.0.0.0 | All | All | All |
| Application | Oracle | Health Sciences Information Manager | All | All | All | All |
| Application | Oracle | Helidon | 1.4.7 | All | All | All |
| Application | Oracle | Helidon | 2.2.0 | All | All | All |
| Application | Oracle | Hyperion Financial Management | 11.1.2.4 | All | All | All |
| Application | Oracle | Hyperion Financial Management | 11.2.6.0 | All | All | All |
| Application | Oracle | Insurance Policy Administration | 11.0.2 | All | All | All |
| Application | Oracle | Insurance Policy Administration | 11.1.0 | All | All | All |
| Application | Oracle | Insurance Policy Administration | 11.2.8 | All | All | All |
| Application | Oracle | Insurance Policy Administration | 11.3.0 | All | All | All |
| Application | Oracle | Insurance Policy Administration | 11.3.1 | All | All | All |
| Application | Oracle | Insurance Rules Palette | 11.0.2 | All | All | All |
| Application | Oracle | Insurance Rules Palette | 11.1.0 | All | All | All |
| Application | Oracle | Insurance Rules Palette | 11.2.8 | All | All | All |
| Application | Oracle | Insurance Rules Palette | 11.3.0 | All | All | All |
| Application | Oracle | Insurance Rules Palette | 11.3.1 | All | All | All |
| Application | Oracle | Oss Support Tools | All | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.57 | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.58 | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera Gateway | All | All | All | All |
| Application | Oracle | Primavera Unifier | 18.8 | All | All | All |
| Application | Oracle | Primavera Unifier | 19.12 | All | All | All |
| Application | Oracle | Primavera Unifier | 20.12 | All | All | All |
| Application | Oracle | Primavera Unifier | 21.12 | All | All | All |
| Application | Oracle | Primavera Unifier | All | All | All | All |
| Application | Oracle | Real-time Decision Server | 3.2.0.0 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.4.1.0 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.5.1.0 | All | All | All |
| Application | Oracle | Rest Data Services | All | All | All | All |
| Application | Oracle | Rest Data Services | 21.3 | All | All | All |
| Application | Oracle | Retail Assortment Planning | 16.0.3 | All | All | All |
| Application | Oracle | Retail Customer Management And Segmentation Foundation | All | All | All | All |
| Application | Oracle | Retail Integration Bus | 13.0 | All | All | All |
| Application | Oracle | Retail Integration Bus | 14.1.3.0 | All | All | All |
| Application | Oracle | Retail Integration Bus | 14.1.3.2 | All | All | All |
| Application | Oracle | Retail Integration Bus | 15.0.3.1 | All | All | All |
| Application | Oracle | Retail Integration Bus | 19.0.0 | All | All | All |
| Application | Oracle | Retail Integration Bus | 19.0.1 | All | All | All |
| Application | Oracle | Retail Integration Bus | All | All | All | All |
| Application | Oracle | Retail Merchandising System | 16.0.3 | All | All | All |
| Application | Oracle | Retail Merchandising System | 19.0.1 | All | All | All |
| Application | Oracle | Retail Order Broker | 16.0 | All | All | All |
| Application | Oracle | Retail Order Broker | 18.0 | All | All | All |
| Application | Oracle | Retail Order Broker | 19.1 | All | All | All |
| Application | Oracle | Retail Pricing | 19.0.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | 14.1.3.0 | All | All | All |
| Application | Oracle | Retail Service Backbone | 14.1.3.2 | All | All | All |
| Application | Oracle | Retail Service Backbone | 15.0.3.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | 19.0.0 | All | All | All |
| Application | Oracle | Retail Service Backbone | 19.0.1 | All | All | All |
| Application | Oracle | Retail Service Backbone | All | All | All | All |
| Application | Oracle | Retail Size Profile Optimization | 16.0.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 17.0.4 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 18.0.3 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 19.0.2 | All | All | All |
| Application | Oracle | Retail Xstore Point Of Service | 20.0.1 | All | All | All |
| Application | Oracle | Solaris Cluster | 4.0 | All | All | All |
| Application | Oracle | Utilities Testing Accelerator | 6.0.0.1.1 | All | All | All |
| Application | Oracle | Utilities Testing Accelerator | 6.0.0.2.2 | All | All | All |
| Application | Oracle | Utilities Testing Accelerator | 6.0.0.3.1 | All | All | All |
| Application | Oracle | Webcenter Portal | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Webcenter Portal | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.1.3.0.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Weblogic Server | 14.1.1.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) | lists.apache.org | ||
| [portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 | lists.apache.org | ||
| [creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity | lists.apache.org | ||
| [zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 | lists.apache.org | ||
| [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| [creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425 | lists.apache.org | ||
| [creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity | lists.apache.org | ||
| [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| [zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| [creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| CVE-2021-29425 Apache Commons IO Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] [DLA 2741-1] commons-io security update | MLIST | lists.debian.org | |
| [creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity | lists.apache.org | ||
| [pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| [zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - January 2022 | MISC | www.oracle.com | |
| [zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MISC | lists.apache.org | |
| [portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [IO-556] Unexpected behavior of FileNameUtils.normalize may lead to limited path traversal vulnerabilies - ASF JIRA | MISC | issues.apache.org | |
| [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| [pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [commons-user] 20210709 commons-fileupload dependency and CVE | lists.apache.org | ||
| [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [commons-dev] 20210415 Re: [all] OSS Fuzz | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity | lists.apache.org | ||
| [commons-dev] 20210414 Re: [all] OSS Fuzz | lists.apache.org | ||
| [myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix | lists.apache.org | ||
| [kafka-users] 20210617 vulnerabilities | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425 | lists.apache.org | ||
| [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| [portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425 | lists.apache.org | ||
| [zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| [zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| [zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6 | lists.apache.org | ||
| [commons-user] 20210709 Re: commons-fileupload dependency and CVE | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425) | lists.apache.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 150500 Oracle WebLogic Server Multiple Vulnerabilities (JAN2022)
- 150588 Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2022)
- 174935 SUSE Enterprise Linux Security Update for apache-commons-io (SUSE-SU-2021:1282-1)
- 174945 SUSE Enterprise Linux Security Update for apache-commons-io (SUSE-SU-2021:1315-1)
- 178758 Debian Security Update for commons-io (DLA 2741-1)
- 179750 Debian Security Update for commons-io (CVE-2021-29425)
- 198519 Ubuntu Security Notification for Apache Commons IO Vulnerability (USN-5095-1)
- 20276 Oracle Database 19c Critical OJVM Patch Update - October 2021
- 20290 Oracle Database 12.2.0.1 Critical OJVM Patch Update - October 2021
- 239608 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.9 (RHSA-2021:3468)
- 239609 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.9 (RHSA-2021:3467)
- 239610 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.9 (RHSA-2021:3466)
- 239652 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.4.1 (RHSA-2021:3658)
- 239653 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.4.1 (RHSA-2021:3656)
- 355318 Amazon Linux Security Advisory for apache-commons-io : ALAS2-2023-2059
- 375970 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUOCT2021)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 750250 OpenSUSE Security Update for apache-commons-io (openSUSE-SU-2021:0605-1)
- 87467 Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2021)
- 87478 Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2022)
- 87542 Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2023)
- 980351 Java (maven) Security Update for commons-io:commons-io (GHSA-gwrp-pvrq-jmwv)