CVE-2021-29425

Published on: 04/13/2021 12:00:00 AM UTC

Last Modified on: 10/27/2022 01:19:00 PM UTC

CVE-2021-29425

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Certain versions of Commons Io from Apache contain the following vulnerability:

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

  • CVE-2021-29425 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Apache Commons IO version = 2.2
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Apache Commons IO version = 2.3
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Apache Commons IO version = 2.4
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Apache Commons IO version = 2.5
  • Affected Vendor/Software: URL Logo Apache Software Foundation - Apache Commons IO version = 2.6
Vulnerability Patch/Work Around
  • Neither the method in question (FileNameUtils.normalize) nor any methods, that invoke it, do actually access any files. There's only a string returned, from which a path can be constructed. In other words, a possible workaround would be not passing any unsafe input to FileNameUtils.normalize.
  • Upgrade to Apache Commons IO 2.7, or later, where the same method returns the value null, as an indication of "invalid input".

CVSS3 Score: 4.8 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED LOW LOW NONE

CVSS2 Score: 5.8 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
PARTIAL PARTIAL NONE

CVE References

Description Tags Link
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kafka-users] 20210617 vulnerabilities
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Oracle Critical Patch Update Advisory - April 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpuapr2022.html
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425
CVE-2021-29425 Apache Commons IO Vulnerability in NetApp Products | NetApp Product Security security.netapp.com
text/html
 URL Logo CONFIRM security.netapp.com/advisory/ntap-20220210-0004/
[SECURITY] [DLA 2741-1] commons-io security update lists.debian.org
text/html
 URL Logo MLIST [debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425
Oracle Critical Patch Update Advisory - October 2021 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpuoct2021.html
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
Oracle Critical Patch Update Advisory - January 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpujan2022.html
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MISC lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [commons-dev] 20210414 Re: [all] OSS Fuzz
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [commons-user] 20210709 Re: commons-fileupload dependency and CVE
[IO-556] Unexpected behavior of FileNameUtils.normalize may lead to limited path traversal vulnerabilies - ASF JIRA issues.apache.org
text/html
 URL Logo MISC issues.apache.org/jira/browse/IO-556
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [commons-user] 20210709 commons-fileupload dependency and CVE
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [commons-dev] 20210415 Re: [all] OSS Fuzz
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
Oracle Critical Patch Update Advisory - July 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpujul2022.html
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 150500 Oracle WebLogic Server Multiple Vulnerabilities (JAN2022)
  • 150588 Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2022)
  • 174935 SUSE Enterprise Linux Security Update for apache-commons-io (SUSE-SU-2021:1282-1)
  • 174945 SUSE Enterprise Linux Security Update for apache-commons-io (SUSE-SU-2021:1315-1)
  • 178758 Debian Security Update for commons-io (DLA 2741-1)
  • 179750 Debian Security Update for commons-io (CVE-2021-29425)
  • 198519 Ubuntu Security Notification for Apache Commons IO Vulnerability (USN-5095-1)
  • 20276 Oracle Database 19c Critical OJVM Patch Update - October 2021
  • 20290 Oracle Database 12.2.0.1 Critical OJVM Patch Update - October 2021
  • 239608 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.9 (RHSA-2021:3468)
  • 239609 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.9 (RHSA-2021:3467)
  • 239610 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.9 (RHSA-2021:3466)
  • 239652 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.4.1 (RHSA-2021:3658)
  • 239653 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.4.1 (RHSA-2021:3656)
  • 375970 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUOCT2021)
  • 750250 OpenSUSE Security Update for apache-commons-io (openSUSE-SU-2021:0605-1)
  • 87467 Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2021)
  • 87478 Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2022)
  • 980351 Java (maven) Security Update for commons-io:commons-io (GHSA-gwrp-pvrq-jmwv)

Exploit/POC from Github

PoC for exploiting CVE-2021-29425 : In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize…

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationApacheCommons IoAllAllAllAll
ApplicationApacheCommons Io2.2-AllAll
ApplicationApacheCommons Io2.3-AllAll
ApplicationApacheCommons Io2.4-AllAll
ApplicationApacheCommons Io2.5-AllAll
ApplicationApacheCommons Io2.6-AllAll
ApplicationApachePlutoAllAllAllAll
ApplicationApacheWhiskerAllAllAllAll
ApplicationApacheWhisker0.2AllAllAll
ApplicationApacheZookeeper3.8.0AllAllAll
Operating
System		DebianDebian Linux9.0AllAllAll
ApplicationNetappActive Iq Unified Manager-AllAllAll
ApplicationNetappActive Iq Unified Manager-AllAllAll
ApplicationNetappActive Iq Unified Manager-AllAllAll
ApplicationOracleAccess Manager11.1.2.3.0AllAllAll
ApplicationOracleAccess Manager12.2.1.3.0AllAllAll
ApplicationOracleAccess Manager12.2.1.4.0AllAllAll
ApplicationOracleAgile Engineering Data Management6.2.1.0AllAllAll
ApplicationOracleAgile Plm9.3.6AllAllAll
ApplicationOracleApplication Performance Management13.4.1.0AllAllAll
ApplicationOracleApplication Performance Management13.5.1.0AllAllAll
ApplicationOracleApplication Testing Suite13.3.0.1AllAllAll
ApplicationOracleBanking Apis18.1AllAllAll
ApplicationOracleBanking Apis18.2AllAllAll
ApplicationOracleBanking Apis18.3AllAllAll
ApplicationOracleBanking Apis19.1AllAllAll
ApplicationOracleBanking Apis19.2AllAllAll
ApplicationOracleBanking Apis20.1AllAllAll
ApplicationOracleBanking Apis21.1AllAllAll
ApplicationOracleBanking Digital Experience17.2AllAllAll
ApplicationOracleBanking Digital Experience18.1AllAllAll
ApplicationOracleBanking Digital Experience18.3AllAllAll
ApplicationOracleBanking Digital Experience19.1AllAllAll
ApplicationOracleBanking Digital Experience19.2AllAllAll
ApplicationOracleBanking Digital Experience20.1AllAllAll
ApplicationOracleBanking Digital Experience21.1AllAllAll
ApplicationOracleBanking Enterprise Default Management2.10.0AllAllAll
ApplicationOracleBanking Enterprise Default Management2.12.0AllAllAll
ApplicationOracleBanking Enterprise Default Management2.6.2AllAllAll
ApplicationOracleBanking Enterprise Default Management2.7.0AllAllAll
ApplicationOracleBanking Enterprise Default Management2.7.1AllAllAll
ApplicationOracleBanking Enterprise Default Managment2.10.0AllAllAll
ApplicationOracleBanking Enterprise Default Managment2.12.0AllAllAll
ApplicationOracleBanking Enterprise Default Managment2.6.2AllAllAll
ApplicationOracleBanking Enterprise Default Managment2.7.0AllAllAll
ApplicationOracleBanking Enterprise Default Managment2.7.1AllAllAll
ApplicationOracleBanking Enterprise Default ManagmentAllAllAllAll
ApplicationOracleBanking Party Management2.7.0AllAllAll
ApplicationOracleBanking Platform2.6.2AllAllAll
ApplicationOracleBanking Platform2.7.0AllAllAll
ApplicationOracleBanking Platform2.7.1AllAllAll
ApplicationOracleBanking PlatformAllAllAllAll
ApplicationOracleBlockchain PlatformAllAllAllAll
ApplicationOracleCommerce Guided Search11.3.2AllAllAll
ApplicationOracleCommunications Application Session Controller3.9.0AllAllAll
ApplicationOracleCommunications Billing And Revenue Management Elastic Charging Engine11.3AllAllAll
ApplicationOracleCommunications Billing And Revenue Management Elastic Charging Engine12.0AllAllAll
ApplicationOracleCommunications Calendar Server8.0.0.6.0AllAllAll
ApplicationOracleCommunications Cloud Native Core Network Repository Function1.14.0AllAllAll
ApplicationOracleCommunications Cloud Native Core Policy1.14.0AllAllAll
ApplicationOracleCommunications Cloud Native Core Unified Data Repository1.4.0AllAllAll
ApplicationOracleCommunications Contacts Server8.0.0.6.0AllAllAll
ApplicationOracleCommunications Converged Application Server - Service Controller6.2AllAllAll
ApplicationOracleCommunications Convergence3.0.2.2.0AllAllAll
ApplicationOracleCommunications Design Studio7.3.5AllAllAll
ApplicationOracleCommunications Design StudioAllAllAllAll
ApplicationOracleCommunications Diameter Intelligence HubAllAllAllAll
ApplicationOracleCommunications Diameter Intelligence HubAllAllAllAll
ApplicationOracleCommunications Interactive Session Recorder6.3AllAllAll
ApplicationOracleCommunications Interactive Session Recorder6.4AllAllAll
Operating
System		OracleCommunications Messaging Server8.1AllAllAll
ApplicationOracleCommunications Metasolv Solution6.3.1AllAllAll
ApplicationOracleCommunications Offline Mediation Controller12.0.0.3AllAllAll
ApplicationOracleCommunications Order And Service Management7.3AllAllAll
ApplicationOracleCommunications Order And Service Management7.4AllAllAll
ApplicationOracleCommunications Policy Management12.5.0.0.0AllAllAll
ApplicationOracleCommunications Pricing Design Center12.0.0.4.0AllAllAll
ApplicationOracleCommunications Pricing Design Center12.0.0.5.0AllAllAll
ApplicationOracleCommunications Service Broker6.2AllAllAll
ApplicationOracleDocumakerAllAllAllAll
ApplicationOracleEnterprise Communications Broker3.3AllAllAll
ApplicationOracleEnterprise Session Border Controller8.4AllAllAll
ApplicationOracleEnterprise Session Border Controller9.0AllAllAll
ApplicationOracleFinancial Services Analytical Applications InfrastructureAllAllAllAll
ApplicationOracleFinancial Services Model Management And GovernanceAllAllAllAll
ApplicationOracleFlexcube Core Banking11.10.0AllAllAll
ApplicationOracleFlexcube Core Banking5.2.0AllAllAll
ApplicationOracleFlexcube Core BankingAllAllAllAll
ApplicationOracleFusion Middleware Mapviewer12.2.1.4.0AllAllAll
ApplicationOracleGoldengate Application Adapters19.1.0.0.0AllAllAll
ApplicationOracleHealthcare Data Repository8.1.0AllAllAll
ApplicationOracleHealth Sciences Data Management Workbench2.5.2.1AllAllAll
ApplicationOracleHealth Sciences Data Management Workbench3.0.0.0AllAllAll
ApplicationOracleHealth Sciences Information ManagerAllAllAllAll
ApplicationOracleHelidon1.4.7AllAllAll
ApplicationOracleHelidon2.2.0AllAllAll
ApplicationOracleHyperion Financial Management11.1.2.4AllAllAll
ApplicationOracleHyperion Financial Management11.2.6.0AllAllAll
ApplicationOracleInsurance Policy Administration11.0.2AllAllAll
ApplicationOracleInsurance Policy Administration11.1.0AllAllAll
ApplicationOracleInsurance Policy Administration11.2.8AllAllAll
ApplicationOracleInsurance Policy Administration11.3.0AllAllAll
ApplicationOracleInsurance Policy Administration11.3.1AllAllAll
ApplicationOracleInsurance Rules Palette11.0.2AllAllAll
ApplicationOracleInsurance Rules Palette11.1.0AllAllAll
ApplicationOracleInsurance Rules Palette11.2.8AllAllAll
ApplicationOracleInsurance Rules Palette11.3.0AllAllAll
ApplicationOracleInsurance Rules Palette11.3.1AllAllAll
ApplicationOracleOss Support ToolsAllAllAllAll
ApplicationOraclePeoplesoft Enterprise Peopletools8.57AllAllAll
ApplicationOraclePeoplesoft Enterprise Peopletools8.58AllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOraclePrimavera Unifier18.8AllAllAll
ApplicationOraclePrimavera Unifier19.12AllAllAll
ApplicationOraclePrimavera Unifier20.12AllAllAll
ApplicationOraclePrimavera Unifier21.12AllAllAll
ApplicationOraclePrimavera UnifierAllAllAllAll
ApplicationOracleReal-time Decision Server3.2.0.0AllAllAll
ApplicationOracleReal User Experience Insight13.4.1.0AllAllAll
ApplicationOracleReal User Experience Insight13.5.1.0AllAllAll
ApplicationOracleRest Data ServicesAllAllAllAll
ApplicationOracleRest Data Services21.3AllAllAll
ApplicationOracleRetail Assortment Planning16.0.3AllAllAll
ApplicationOracleRetail Customer Management And Segmentation FoundationAllAllAllAll
ApplicationOracleRetail Integration Bus13.0AllAllAll
ApplicationOracleRetail Integration Bus14.1.3.0AllAllAll
ApplicationOracleRetail Integration Bus14.1.3.2AllAllAll
ApplicationOracleRetail Integration Bus15.0.3.1AllAllAll
ApplicationOracleRetail Integration Bus19.0.0AllAllAll
ApplicationOracleRetail Integration Bus19.0.1AllAllAll
ApplicationOracleRetail Integration BusAllAllAllAll
ApplicationOracleRetail Merchandising System16.0.3AllAllAll
ApplicationOracleRetail Merchandising System19.0.1AllAllAll
ApplicationOracleRetail Order Broker16.0AllAllAll
ApplicationOracleRetail Order Broker18.0AllAllAll
ApplicationOracleRetail Order Broker19.1AllAllAll
ApplicationOracleRetail Pricing19.0.1AllAllAll
ApplicationOracleRetail Service Backbone14.1.3.0AllAllAll
ApplicationOracleRetail Service Backbone14.1.3.2AllAllAll
ApplicationOracleRetail Service Backbone15.0.3.1AllAllAll
ApplicationOracleRetail Service Backbone19.0.0AllAllAll
ApplicationOracleRetail Service Backbone19.0.1AllAllAll
ApplicationOracleRetail Service BackboneAllAllAllAll
ApplicationOracleRetail Size Profile Optimization16.0.3AllAllAll
ApplicationOracleRetail Xstore Point Of Service17.0.4AllAllAll
ApplicationOracleRetail Xstore Point Of Service18.0.3AllAllAll
ApplicationOracleRetail Xstore Point Of Service19.0.2AllAllAll
ApplicationOracleRetail Xstore Point Of Service20.0.1AllAllAll
ApplicationOracleSolaris Cluster4.0AllAllAll
ApplicationOracleUtilities Testing Accelerator6.0.0.1.1AllAllAll
ApplicationOracleUtilities Testing Accelerator6.0.0.2.2AllAllAll
ApplicationOracleUtilities Testing Accelerator6.0.0.3.1AllAllAll
ApplicationOracleWebcenter Portal12.2.1.3.0AllAllAll
ApplicationOracleWebcenter Portal12.2.1.4.0AllAllAll
ApplicationOracleWeblogic Server12.1.3.0.0AllAllAll
ApplicationOracleWeblogic Server12.2.1.3.0AllAllAll
ApplicationOracleWeblogic Server12.2.1.4.0AllAllAll
ApplicationOracleWeblogic Server14.1.1.0.0AllAllAll
  • cpe:2.3:a:apache:commons_io:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*:
  • cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*:
  • cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*:
  • cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*:
  • cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*:
  • cpe:2.3:a:apache:pluto:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:whisker:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:whisker:0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:zookeeper:3.8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*:
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*:
  • cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_managment:2.10.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_managment:2.12.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_managment:2.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_managment:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_managment:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:helidon:1.4.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:helidon:2.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*:
  • cpe:2.3:a:oracle:rest_data_services:21.3:*:*:*:-:*:*:*:
  • cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_pricing:19.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @oss_security CVE-2021-29425 (Possible limited path traversal in Apache Commons IO 2.2 to 2.6): Posted by Jochen Wiedmann on Apr… twitter.com/i/web/status/1… 2021-04-12 19:15:05
Twitter Icon @CVEreport CVE-2021-29425 : In #Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an imprope… twitter.com/i/web/status/1… 2021-04-13 06:54:52
Twitter Icon @ApacheZooKeeper #zookeeper: "[jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6" ift.tt/3js81wf 2021-08-05 08:58:13
Twitter Icon @AlirezaGhahrood exploit CVE-2021-29425: Apache Commons IO <2.7 - "Limited" Path Traversal (PoC) lnkd.in/dBDUhUp8 Black Hat… twitter.com/i/web/status/1… 2021-08-08 13:59:01
Twitter Icon @Securityblog GitHub - AlAIAL90/CVE-2021-29425: PoC for exploiting CVE-2021-29425 : In Apache Commons IO before 2.7, When invokin… twitter.com/i/web/status/1… 2021-08-09 07:20:30
Twitter Icon @management_sun IT Risk:Red Hat.AMQ Streamsに多くの脆弱性 CVE-2021-34428 CVE-2021-29425 CVE-2021-28169 CVE-2021-28168 CVE-2021-28165 CVE-2… twitter.com/i/web/status/1… 2021-08-27 00:23:49
Twitter Icon @management_sun IT Risk:RMany vulnerabilities in ed Hat.AMQ Streams CVE-2021-34428 CVE-2021-29425 CVE-2021-28169 CVE-2021-28168 CVE… twitter.com/i/web/status/1… 2021-08-27 00:23:56
Twitter Icon @management_sun IT Risk:Red Hat.JBoss Enterprise Application Platformに複数の脆弱性 CVE-2021-29425 CVE-2021-28170 CVE-2021-21409 CVE-2021-… twitter.com/i/web/status/1… 2021-09-24 00:50:51
Twitter Icon @management_sun IT Risk:Red Hat.Multiple vulnerabilities in JBoss Enterprise Application Platform CVE-2021-29425 CVE-2021-28170 CVE… twitter.com/i/web/status/1… 2021-09-24 00:51:28
Reddit Logo Icon /r/netcve CVE-2021-29425 2021-04-13 07:11:18
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report