CVE-2021-29425

Path Traversal in maven/commons-io/commons-io

Identifier

CVE-2021-29425

Package Slug

maven/commons-io/commons-io

Vulnerability

Path Traversal

Description

In Apache Commons IO, When invoking the method FileNameUtils.normalize with an improper input string, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above, if the calling code would use the result to construct a path value.

Affected Versions

All versions starting from 2.2 up to 2.6

Solution

Upgrade to version 2.7 or above.

Last Modified

2021-04-30

source