Security Advisories

CGA-724p-xwpj-hp66

Published

Last updated

https://images.chainguard.dev/security/CGA-724p-xwpj-hp66

Package

keycloak

Latest Update

Not affected

Aliases

CVE-2021-40525
GHSA-c38m-7h53-g9v4

Severity

9.1

Critical

CVSS V3

Summary

Path traversal in Apache James

Description

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-40525
https://github.com/advisories/GHSA-c38m-7h53-g9v4
https://github.com/apache/james-project
https://www.openwall.com/lists/oss-security/2022/01/04/4
http://www.openwall.com/lists/oss-security/2022/01/04/4
http://www.openwall.com/lists/oss-security/2022/02/07/1

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-724p-xwpj-hp66

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources