julz0815 / test-action

0 stars 1 forks source link

CVE: 2021-29425 found in Apache Commons IO - Version: 2.4 [JAVA] #141

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Apache Commons IO
Description The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Language JAVA
Vulnerability Directory Traversal
Vulnerability description commons-io is vulnerable to directory traversal. Invoking the method FileNameUtils.normalize with a malicious input string would potentially allow access to files within the parent directory.
CVE 2021-29425
CVSS score 5.8
Vulnerability present in version/s 2.2-2.6
Found library version/s 2.4
Vulnerability fixed in version 2.7
Library latest version 2.11.0
Fix

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/184