CVE-2021-29425 | Possible limited path traversal vulnerabily in Apache Commons IO

Exp

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Published: 2021-04-13 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-29425 is rated High Exploit Risk (72.5/100): CVSS Medium severity, with high exploitation likelihood (EPSS 10.61%, 95th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +10.00% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2021-29425

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2021-29425

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.61% 10.61% +10.00%
2 2026-06-10 0.48% 0.61% +0.12%
3 2026-03-08 0.48%

Full EPSS history (70 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-29425

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.8 3.1 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L)
Some sensitive info could get out, but not a total data dump.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 2.2 2.5 [email protected]
5.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 4.9 [email protected]

Weakness enumeration for CVE-2021-29425

GitHub Security Advisory for CVE-2021-29425

GHSA-gwrp-pvrq-jmwv · Severity: medium · Ecosystem: maven — Path Traversal and Improper Input Validation in Apache Commons IO

OS Trackers for CVE-2021-29425

vendor priority summary link
debian not yet assigned CVE-2021-29425 not yet assigned priority: Debian including 1 source packages (commons-io), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2021-29425
redhat medium https://access.redhat.com/security/cve/CVE-2021-29425
suse medium CVE-2021-29425 severity moderate: SUSE including 248 source package names (11-6.2:apache-commons-io-2.6-3.3.1, 17.0.15.0-7.6:apache-commons-io-2.6-3.3.1, …), 286 product×package rows across 50 product lines (Container bci/openjdk-devel, Container containers/apache-pulsar, … (50 product lines)): Known Affected 231, Fixed 55. https://www.suse.com/security/cve/CVE-2021-29425/
ubuntu medium CVE-2021-29425 medium priority: Ubuntu including 1 source packages (commons-io), 16 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 10, released 4, ignored 1, needed 1. https://ubuntu.com/security/CVE-2021-29425

Affected software / configurations for CVE-2021-29425

Vendor Product Version Raw CPE
apache commons_io 2.2 cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*
apache commons_io 2.3 cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*
apache commons_io 2.4 cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*
apache commons_io 2.5 cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*
apache commons_io 2.6 cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
oracle access_manager 11.1.2.3.0 cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*
oracle access_manager 12.2.1.3.0 cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*
oracle access_manager 12.2.1.4.0 cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
oracle agile_engineering_data_management 6.2.1.0 cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
oracle agile_plm 9.3.6 cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
oracle application_performance_management 13.4.1.0 cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*
oracle application_performance_management 13.5.1.0 cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*
oracle application_testing_suite 13.3.0.1 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
oracle banking_apis 18.1 cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*
oracle banking_apis 18.2 cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*
oracle banking_apis 18.3 cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*
oracle banking_apis 19.1 cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
oracle banking_apis 19.2 cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
oracle banking_apis 20.1 cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
oracle banking_apis 21.1 cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
oracle banking_digital_experience 17.2 cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*
oracle banking_digital_experience 18.1 cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
oracle banking_digital_experience 18.3 cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
oracle banking_digital_experience 19.1 cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
oracle banking_digital_experience 19.2 cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
oracle banking_digital_experience 20.1 cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
oracle banking_digital_experience 21.1 cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.6.2 cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.7.0 cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.7.1 cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.10.0 cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*
oracle banking_enterprise_default_management 2.12.0 cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*
oracle banking_enterprise_default_managment >= 2.3.0, <= 2.4.0 cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*
oracle banking_party_management 2.7.0 cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
oracle banking_platform >= 2.3.0, <= 2.4.1 cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
oracle banking_platform 2.6.2 cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
oracle banking_platform 2.7.0 cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
oracle banking_platform 2.7.1 cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
oracle blockchain_platform < 21.1.2 cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
oracle commerce_guided_search 11.3.2 cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
oracle communications_application_session_controller 3.9.0 cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3 cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0 cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_network_repository_function 1.14.0 cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_policy 1.14.0 cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_unified_data_repository 1.4.0 cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
oracle communications_contacts_server 8.0.0.6.0 cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*
oracle communications_converged_application_server_-_service_controller 6.2 cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
oracle communications_convergence 3.0.2.2.0 cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
oracle communications_design_studio >= 7.4.0, <= 7.4.2 cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*
oracle communications_design_studio 7.3.5 cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
oracle communications_diameter_intelligence_hub >= 8.0.0, <= 8.1.0 cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oracle communications_diameter_intelligence_hub >= 8.2.0, <= 8.2.3 cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
oracle communications_interactive_session_recorder 6.3 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
oracle communications_interactive_session_recorder 6.4 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
oracle communications_offline_mediation_controller 12.0.0.3 cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
oracle communications_order_and_service_management 7.3 cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
oracle communications_order_and_service_management 7.4 cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
oracle communications_policy_management 12.5.0.0.0 cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*
oracle communications_pricing_design_center 12.0.0.4.0 cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
oracle communications_pricing_design_center 12.0.0.5.0 cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*
oracle communications_service_broker 6.2 cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.3 cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 8.4 cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 9.0 cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
oracle financial_services_analytical_applications_infrastructure >= 8.0.7, <= 8.1.1 cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
oracle financial_services_model_management_and_governance >= 8.0.8, <= 8.1.1 cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*
oracle flexcube_core_banking >= 11.6.0, <= 11.8.0 cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
oracle flexcube_core_banking 5.2.0 cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
oracle flexcube_core_banking 11.10.0 cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*
oracle fusion_middleware_mapviewer 12.2.1.4.0 cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
oracle health_sciences_data_management_workbench 2.5.2.1 cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
oracle health_sciences_data_management_workbench 3.0.0.0 cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
oracle health_sciences_information_manager >= 3.0.1, <= 3.0.4 cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*
oracle healthcare_data_repository 8.1.0 cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
oracle helidon 1.4.7 cpe:2.3:a:oracle:helidon:1.4.7:*:*:*:*:*:*:*
oracle helidon 2.2.0 cpe:2.3:a:oracle:helidon:2.2.0:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.0.2 cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
oracle insurance_policy_administration 11.1.0 cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*

References for CVE-2021-29425

URL Tags
https://issues.apache.org/jira/browse/IO-556 Exploit Issue Tracking Vendor Advisory
https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34%40%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e%40%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31%40%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a%40%3Cuser.commons.apache.org%3E
https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80%40%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0%40%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c%40%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330%40%3Cdev.commons.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220210-0004/ Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Third Party Advisory
cvelogic Threat Intelligence