Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WebLogic Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2021-29425 - Vulnerability Database
WebLogic

WebLogic Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2021-29425

Medium
Reference: CVE-2021-29425
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-29425
Title: WebLogic Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

In Apache Commons IO before 2.7 When invoking the method FileNameUtils.normalize with an improper input string like quot//../fooquot or quot..fooquot the result would be the same value thus possibly providing access to files in the parent directory but not further above (thus quotlimitedquot path traversal) if the calling code would use the result to construct a path value.