CVE-2021-29425
- EPSS 0.48%
- Published 13.04.2021 07:15:12
- Last modified 21.11.2024 06:01:04
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...
CVE-2020-11979
- EPSS 0.61%
- Published 01.10.2020 20:15:13
- Last modified 21.11.2024 04:59:02
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...
CVE-2020-1945
- EPSS 0.02%
- Published 14.05.2020 16:15:12
- Last modified 21.11.2024 05:11:42
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...
CVE-2019-10219
- EPSS 1.67%
- Published 08.11.2019 15:15:11
- Last modified 07.07.2025 14:15:21
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.