{ "threat_severity" : "Moderate", "public_date" : "2021-04-12T00:00:00Z", "bugzilla" : { "description" : "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6", "id" : "1948752", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1948752" }, "cvss3" : { "cvss3_base_score" : "4.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-22", "details" : [ "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value." ], "statement" : "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module. This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.", "affected_release" : [ { "product_name" : "EAP 7.3.9 release", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3471", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package" : "commons-io" }, { "product_name" : "Red Hat AMQ 7.9.0", "release_date" : "2021-09-30T00:00:00Z", "advisory" : "RHSA-2021:3700", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "commons-io" }, { "product_name" : "Red Hat AMQ Streams 1.8.0", "release_date" : "2021-08-19T00:00:00Z", "advisory" : "RHSA-2021:3225", "cpe" : "cpe:/a:redhat:amq_streams:1", "package" : "commons-io" }, { "product_name" : "Red Hat EAP-XP 2.0.0 via EAP 7.3.x base", "release_date" : "2021-09-13T00:00:00Z", "advisory" : "RHSA-2021:3516", "cpe" : "cpe:/a:redhat:jbosseapxp", "package" : "commons-io" }, { "product_name" : "Red Hat Fuse 7.10", "release_date" : "2021-12-14T00:00:00Z", "advisory" : "RHSA-2021:5134", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "commons-io" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2021-09-23T00:00:00Z", "advisory" : "RHSA-2021:3660", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "commons-io" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hal-console-0:3.2.16-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hibernate-0:5.3.20-4.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-server-migration-0:1.7.2-9.Final_redhat_00010.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-narayana-0:5.9.12-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-undertow-0:2.0.39-1.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-0:7.3.9-2.GA_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-http-client-0:1.0.29-1.Final_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3466", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hal-console-0:3.2.16-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hibernate-0:5.3.20-4.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-9.Final_redhat_00010.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-narayana-0:5.9.12-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.39-1.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.9-2.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-http-client-0:1.0.29-1.Final_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hal-console-0:3.2.16-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hibernate-0:5.3.20-4.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.2-9.Final_redhat_00010.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-narayana-0:5.9.12-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.39-1.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.9-2.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-http-client-0:1.0.29-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-09-08T00:00:00Z", "advisory" : "RHSA-2021:3468", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2021-09-23T00:00:00Z", "advisory" : "RHSA-2021:3658", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2021-09-23T00:00:00Z", "advisory" : "RHSA-2021:3656", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat Single Sign-On 7.4.9", "release_date" : "2021-09-14T00:00:00Z", "advisory" : "RHSA-2021:3534", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "commons-io" }, { "product_name" : "RHDM 7.12.1", "release_date" : "2022-03-29T00:00:00Z", "advisory" : "RHSA-2022:1110", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7.12", "package" : "commons-io" }, { "product_name" : "RHPAM 7.12.1", "release_date" : "2022-03-29T00:00:00Z", "advisory" : "RHSA-2022:1108", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12", "package" : "commons-io" }, { "product_name" : "Vert.x 4.1.0", "release_date" : "2021-07-07T00:00:00Z", "advisory" : "RHSA-2021:2465", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "commons-io" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Will not fix", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Not affected", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Will not fix", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "apache-commons-io", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "maven:3.5/apache-commons-io", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "maven:3.6/apache-commons-io", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "apache-commons-io", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Not affected", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Will not fix", "package_name" : "commons-io", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-maven36-apache-commons-io", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-29425\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29425" ], "name" : "CVE-2021-29425", "csaw" : false }