CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2021-29425

In Apache Commons IO before 2.7, when invoking the method FilenameUtils.normalize with an improper input string, like "//../foo" or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Publish Date: 2021-04-13
Last Update Date: 2022-05-12

- CVSS Scores & Vulnerability Types

CVSS Score 5.8
Confidentiality Impact Partial (There is considerable informational disclosure.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Directory traversal
CWE ID 22

- Products Affected By CVE-2021-29425

# Product Type Vendor Product Version Update Edition Language
1 Application Apache Commons Io 2.2 - * *
2 Application Apache Commons Io 2.3 - * *
3 Application Apache Commons Io 2.4 - * *
4 Application Apache Commons Io 2.5 - * *
5 Application Apache Commons Io 2.6 - * *
6 OS Debian Debian Linux 9.0 * * *
7 Application Netapp Active Iq Unified Manager - * * *
8 Application Netapp Active Iq Unified Manager - * * *
9 Application Netapp Active Iq Unified Manager - * * *
10 Application Oracle Access Manager 11.1.2.3.0 * * *
11 Application Oracle Access Manager 12.2.1.3.0 * * *
12 Application Oracle Access Manager 12.2.1.4.0 * * *
13 Application Oracle Agile Plm 9.3.6 * * *
14 Application Oracle Application Performance Management 13.4.1.0 * * *
15 Application Oracle Application Performance Management 13.5.1.0 * * *
16 Application Oracle Application Testing Suite 13.3.0.1 * * *
17 Application Oracle Banking Apis 18.1 * * *
18 Application Oracle Banking Apis 18.2 * * *
19 Application Oracle Banking Apis 18.3 * * *
20 Application Oracle Banking Apis 19.1 * * *
21 Application Oracle Banking Apis 19.2 * * *
22 Application Oracle Banking Apis 20.1 * * *
23 Application Oracle Banking Apis 21.1 * * *
24 Application Oracle Banking Digital Experience 17.2 * * *
25 Application Oracle Banking Digital Experience 18.1 * * *
26 Application Oracle Banking Digital Experience 18.3 * * *
27 Application Oracle Banking Digital Experience 19.1 * * *
28 Application Oracle Banking Digital Experience 19.2 * * *
29 Application Oracle Banking Digital Experience 20.1 * * *
30 Application Oracle Banking Digital Experience 21.1 * * *
31 Application Oracle Banking Enterprise Default Management * * * *
32 Application Oracle Banking Enterprise Default Management 2.6.2 * * *
33 Application Oracle Banking Enterprise Default Management 2.7.0 * * *
34 Application Oracle Banking Enterprise Default Management 2.7.1 * * *
35 Application Oracle Banking Enterprise Default Management 2.10.0 * * *
36 Application Oracle Banking Enterprise Default Management 2.12.0 * * *
37 Application Oracle Banking Party Management 2.7.0 * * *
38 Application Oracle Banking Platform * * * *
39 Application Oracle Banking Platform 2.6.2 * * *
40 Application Oracle Banking Platform 2.7.0 * * *
41 Application Oracle Banking Platform 2.7.1 * * *
42 Application Oracle Blockchain Platform * * * *
43 Application Oracle Commerce Guided Search 11.3.2 * * *
44 Application Oracle Communications Application Session Controller 3.9.0 * * *
45 Application Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3 * * *
46 Application Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0 * * *
47 Application Oracle Communications Cloud Native Core Network Repository Function 1.14.0 * * *
48 Application Oracle Communications Cloud Native Core Policy 1.14.0 * * *
49 Application Oracle Communications Cloud Native Core Unified Data Repository 1.4.0 * * *
50 Application Oracle Communications Contacts Server 8.0.0.6.0 * * *
51 Application Oracle Communications Converged Application Server - Service Controller 6.2 * * *
52 Application Oracle Communications Convergence 3.0.2.2.0 * * *
53 Application Oracle Communications Design Studio * * * *
54 Application Oracle Communications Design Studio 7.3.5 * * *
55 Application Oracle Communications Diameter Intelligence Hub * * * *
56 Application Oracle Communications Interactive Session Recorder 6.3 * * *
57 Application Oracle Communications Interactive Session Recorder 6.4 * * *
58 Application Oracle Communications Offline Mediation Controller 12.0.0.3 * * *
59 Application Oracle Communications Order And Service Management 7.3 * * *
60 Application Oracle Communications Order And Service Management 7.4 * * *
61 Application Oracle Communications Policy Management 12.5.0.0.0 * * *
62 Application Oracle Communications Pricing Design Center 12.0.0.4.0 * * *
63 Application Oracle Communications Pricing Design Center 12.0.0.5.0 * * *
64 Application Oracle Communications Service Broker 6.2 * * *
65 Application Oracle Enterprise Communications Broker 3.3 * * *
66 Application Oracle Enterprise Session Border Controller 8.4 * * *
67 Application Oracle Enterprise Session Border Controller 9.0 * * *
68 Application Oracle Financial Services Analytical Applications Infrastructure * * * *
69 Application Oracle Financial Services Model Management And Governance * * * *
70 Application Oracle Fusion Middleware Mapviewer 12.2.1.4.0 * * *
71 Application Oracle Health Sciences Information Manager * * * *
72 Application Oracle Healthcare Data Repository 8.1.0 * * *
73 Application Oracle Helidon 1.4.7 * * *
74 Application Oracle Helidon 2.2.0 * * *
75 Application Oracle Insurance Policy Administration 11.0.2 * * *
76 Application Oracle Insurance Policy Administration 11.1.0 * * *
77 Application Oracle Insurance Policy Administration 11.2.8 * * *
78 Application Oracle Insurance Policy Administration 11.3.0 * * *
79 Application Oracle Insurance Policy Administration 11.3.1 * * *
80 Application Oracle Insurance Rules Palette 11.0.2 * * *
81 Application Oracle Insurance Rules Palette 11.1.0 * * *
82 Application Oracle Insurance Rules Palette 11.2.8 * * *
83 Application Oracle Insurance Rules Palette 11.3.0 * * *
84 Application Oracle Insurance Rules Palette 11.3.1 * * *
85 Application Oracle Oss Support Tools * * * *
86 Application Oracle Primavera Unifier * * * *
87 Application Oracle Primavera Unifier 18.8 * * *
88 Application Oracle Primavera Unifier 19.12 * * *
89 Application Oracle Primavera Unifier 20.12 * * *
90 Application Oracle Primavera Unifier 21.12 * * *
91 Application Oracle Real User Experience Insight 13.4.1.0 * * *
92 Application Oracle Real User Experience Insight 13.5.1.0 * * *
93 Application Oracle Rest Data Services * * * *
94 Application Oracle Rest Data Services 21.3 * * *
95 Application Oracle Retail Assortment Planning 16.0.3 * * *
96 Application Oracle Retail Integration Bus * * * *
97 Application Oracle Retail Integration Bus 13.0 * * *
98 Application Oracle Retail Integration Bus 14.1.3.0 * * *
99 Application Oracle Retail Integration Bus 14.1.3.2 * * *
100 Application Oracle Retail Integration Bus 15.0.3.1 * * *
101 Application Oracle Retail Integration Bus 19.0.0 * * *
102 Application Oracle Retail Integration Bus 19.0.1 * * *
103 Application Oracle Retail Order Broker 16.0 * * *
104 Application Oracle Retail Order Broker 18.0 * * *
105 Application Oracle Retail Order Broker 19.1 * * *
106 Application Oracle Retail Service Backbone * * * *
107 Application Oracle Retail Service Backbone 14.1.3.0 * * *
108 Application Oracle Retail Service Backbone 14.1.3.2 * * *
109 Application Oracle Retail Service Backbone 15.0.3.1 * * *
110 Application Oracle Retail Service Backbone 19.0.0 * * *
111 Application Oracle Retail Service Backbone 19.0.1 * * *
112 Application Oracle Retail Size Profile Optimization 16.0.3 * * *
113 Application Oracle Solaris Cluster 4.0 * * *
114 Application Oracle Utilities Testing Accelerator 6.0.0.1.1 * * *
115 Application Oracle Utilities Testing Accelerator 6.0.0.2.2 * * *
116 Application Oracle Utilities Testing Accelerator 6.0.0.3.1 * * *
117 Application Oracle Webcenter Portal 12.2.1.3.0 * * *
118 Application Oracle Webcenter Portal 12.2.1.4.0 * * *
119 Application Oracle Weblogic Server 12.1.3.0.0 * * *
120 Application Oracle Weblogic Server 12.2.1.3.0 * * *
121 Application Oracle Weblogic Server 12.2.1.4.0 * * *
122 Application Oracle Weblogic Server 14.1.1.0.0 * * *

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Apache Commons Io 5
Debian Debian Linux 1
Netapp Active Iq Unified Manager 3
Oracle Access Manager 3
Oracle Agile Plm 1
Oracle Application Performance Management 2
Oracle Application Testing Suite 1
Oracle Banking Apis 7
Oracle Banking Digital Experience 7
Oracle Banking Enterprise Default Management 6
Oracle Banking Party Management 1
Oracle Banking Platform 4
Oracle Blockchain Platform 1
Oracle Commerce Guided Search 1
Oracle Communications Application Session Controller 1
Oracle Communications Billing And Revenue Management Elastic Charging Engine 2
Oracle Communications Cloud Native Core Network Repository Function 1
Oracle Communications Cloud Native Core Policy 1
Oracle Communications Cloud Native Core Unified Data Repository 1
Oracle Communications Contacts Server 1
Oracle Communications Converged Application Server - Service Controller 1
Oracle Communications Convergence 1
Oracle Communications Design Studio 2
Oracle Communications Diameter Intelligence Hub 1
Oracle Communications Interactive Session Recorder 2
Oracle Communications Offline Mediation Controller 1
Oracle Communications Order And Service Management 2
Oracle Communications Policy Management 1
Oracle Communications Pricing Design Center 2
Oracle Communications Service Broker 1
Oracle Enterprise Communications Broker 1
Oracle Enterprise Session Border Controller 2
Oracle Financial Services Analytical Applications Infrastructure 1
Oracle Financial Services Model Management And Governance 1
Oracle Fusion Middleware Mapviewer 1
Oracle Health Sciences Information Manager 1
Oracle Healthcare Data Repository 1
Oracle Helidon 2
Oracle Insurance Policy Administration 5
Oracle Insurance Rules Palette 5
Oracle Oss Support Tools 1
Oracle Primavera Unifier 5
Oracle Real User Experience Insight 2
Oracle Rest Data Services 2
Oracle Retail Assortment Planning 1
Oracle Retail Integration Bus 7
Oracle Retail Order Broker 3
Oracle Retail Service Backbone 6
Oracle Retail Size Profile Optimization 1
Oracle Solaris Cluster 1
Oracle Utilities Testing Accelerator 3
Oracle Webcenter Portal 2
Oracle Weblogic Server 4

- References For CVE-2021-29425

https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425
https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E
MLIST [kafka-users] 20210617 vulnerabilities
https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b@%3Cissues.zookeeper.apache.org%3E
MLIST [zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2@%3Ccommits.zookeeper.apache.org%3E
MLIST [zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://security.netapp.com/advisory/ntap-20220210-0004/ CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34@%3Cdev.myfaces.apache.org%3E
MLIST [myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix
https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436@%3Ccommits.pulsar.apache.org%3E
MLIST [pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425
https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31@%3Cdev.commons.apache.org%3E
MLIST [commons-dev] 20210415 Re: [all] OSS Fuzz
https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e@%3Cpluto-scm.portals.apache.org%3E
MLIST [portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425
https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html
MLIST [debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update
https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04@%3Ccommits.pulsar.apache.org%3E
MLIST [pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425
https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425
https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0@%3Cpluto-dev.portals.apache.org%3E
MLIST [portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425
https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa@%3Cuser.commons.apache.org%3E
MLIST [commons-user] 20210709 Re: commons-fileupload dependency and CVE
https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a@%3Cuser.commons.apache.org%3E
MLIST [commons-user] 20210709 commons-fileupload dependency and CVE
https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29@%3Cissues.zookeeper.apache.org%3E
MLIST [zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80@%3Cpluto-dev.portals.apache.org%3E
MLIST [portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425
https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425
https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://www.oracle.com/security-alerts/cpujan2022.html
https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c@%3Cdev.creadur.apache.org%3E
MLIST [creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity
https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71@%3Ccommits.pulsar.apache.org%3E
MLIST [pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287)
https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374@%3Cnotifications.zookeeper.apache.org%3E
MLIST [zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)
https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2@%3Cissues.zookeeper.apache.org%3E
MLIST [zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330@%3Cdev.commons.apache.org%3E
MLIST [commons-dev] 20210414 Re: [all] OSS Fuzz
https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d@%3Cdev.zookeeper.apache.org%3E
MLIST [zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6
https://www.oracle.com/security-alerts/cpuapr2022.html
https://issues.apache.org/jira/browse/IO-556

- Metasploit Modules Related To CVE-2021-29425

There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).

