org.apache.commons:commons-vfs2@2.2 vulnerabilities

  • latest version

    2.10.0

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.commons:commons-vfs2 package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Relative Path Traversal

    Affected versions of this package are vulnerable to Relative Path Traversal via the resolveFile() method when the scope parameter is set to NameScope.DESCENDENT. An attacker can access files outside of the intended directory by including encoded directory traversal sequences such as %2E%2E in place of "..". Files that are not descendants of the base file may be exposed without throwing the expected exception.

    How to fix Relative Path Traversal?

    Upgrade org.apache.commons:commons-vfs2 to version 2.10.0 or higher.

    [,2.10.0)
    • M
    Insertion of Sensitive Information into Log File

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when failing to find an FtpFileObject and throwing an exception. An attacker can reveal the original URI corresponding to the target object, which contains a password.

    How to fix Insertion of Sensitive Information into Log File?

    Upgrade org.apache.commons:commons-vfs2 to version 2.10.0 or higher.

    [,2.10.0)