GHSA-53x6-4x5p-rrvv

Suggest an improvement
Source
https://github.com/advisories/GHSA-53x6-4x5p-rrvv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-53x6-4x5p-rrvv/GHSA-53x6-4x5p-rrvv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-53x6-4x5p-rrvv
Aliases
Published
2019-10-11T18:41:08Z
Modified
2024-03-16T05:19:51.255480Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of Service in Apache Commons Compress
Details

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

References

Affected packages

Maven / org.apache.commons:commons-compress

Package

Name
org.apache.commons:commons-compress
View open source insights on deps.dev
Purl
pkg:maven/org.apache.commons/commons-compress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.15
Fixed
1.19

Affected versions

1.*

1.15
1.16
1.16.1
1.17
1.18

Maven / io.github.1tchy.java9modular.org.apache.commons:commons-compress

Package

Name
io.github.1tchy.java9modular.org.apache.commons:commons-compress
View open source insights on deps.dev
Purl
pkg:maven/io.github.1tchy.java9modular.org.apache.commons/commons-compress

Affected ranges

Affected versions

1.*

1.18.1