pkg:maven/org.apache.commons/commons-compress

Type maven

Namespace org.apache.commons

Name commons-compress

Known advisories, vulnerabilities and fixes for org.apache.commons/commons-compress package.

Repository: https://mvnrepository.com/artifact/org.apache.commons/commons-compress

High 7

Moderate 4

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	>= 1.21, < 1.26.0	CVE-2024-26308	MAVEN:GHSA-4265-CCF5-PHJ5	Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file	high	2024-02-19T09:30:52 (7 months ago)
Fixed	= 1.26.0	CVE-2024-26308	MAVEN:GHSA-4265-CCF5-PHJ5	Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file	high	2024-02-19T09:30:52 (7 months ago)
Affected	>= 1.3, < 1.26.0	CVE-2024-25710	MAVEN:GHSA-4G9R-VXHX-9PGX	Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file	high	2024-02-19T09:30:50 (7 months ago)
Fixed	= 1.26.0	CVE-2024-25710	MAVEN:GHSA-4G9R-VXHX-9PGX	Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file	high	2024-02-19T09:30:50 (7 months ago)
Affected	>= 1.15, < 1.19 = 1.18.1	CVE-2019-12402	MAVEN:GHSA-53X6-4X5P-RRVV	Denial of Service in Apache Commons Compress	high	2019-10-11T18:41:08 (5 years ago)
Fixed	= 1.19	CVE-2019-12402	MAVEN:GHSA-53X6-4X5P-RRVV	Denial of Service in Apache Commons Compress	high	2019-10-11T18:41:08 (5 years ago)
Affected	< 1.4.1	CVE-2012-2098	MAVEN:GHSA-6FXM-66HQ-FC96	Uncontrolled Resource Consumption in Apache Commons Compress	moderate	2022-05-13T01:07:05 (2 years ago)
Fixed	= 1.4.1	CVE-2012-2098	MAVEN:GHSA-6FXM-66HQ-FC96	Uncontrolled Resource Consumption in Apache Commons Compress	moderate	2022-05-13T01:07:05 (2 years ago)
Affected	< 1.21	CVE-2021-35515	MAVEN:GHSA-7HFM-57QF-J43Q	Excessive Iteration in Compress	high	2021-08-02T16:55:07 (3 years ago)
Fixed	= 1.21	CVE-2021-35515	MAVEN:GHSA-7HFM-57QF-J43Q	Excessive Iteration in Compress	high	2021-08-02T16:55:07 (3 years ago)
Affected	>= 1.22, < 1.24.0	CVE-2023-42503	MAVEN:GHSA-CGWF-W82Q-5JRR	Apache Commons Compress denial of service vulnerability	moderate	2023-09-14T09:30:28 (12 months ago)
Fixed	= 1.24.0	CVE-2023-42503	MAVEN:GHSA-CGWF-W82Q-5JRR	Apache Commons Compress denial of service vulnerability	moderate	2023-09-14T09:30:28 (12 months ago)
Affected	< 1.21	CVE-2021-35516	MAVEN:GHSA-CRV7-7245-F45F	Improper Handling of Length Parameter Inconsistency in Compress	high	2021-08-02T16:55:15 (3 years ago)
Fixed	= 1.21	CVE-2021-35516	MAVEN:GHSA-CRV7-7245-F45F	Improper Handling of Length Parameter Inconsistency in Compress	high	2021-08-02T16:55:15 (3 years ago)
Affected	>= 1.11, < 1.16 = 1.12	CVE-2018-1324	MAVEN:GHSA-H436-432X-8FVX	Apache Commons Compress vulnerable to denial of service due to infinite loop	moderate	2019-03-14T15:41:12 (5 years ago)
Fixed	= 1.16	CVE-2018-1324	MAVEN:GHSA-H436-432X-8FVX	Apache Commons Compress vulnerable to denial of service due to infinite loop	moderate	2019-03-14T15:41:12 (5 years ago)
Affected	< 1.18	CVE-2018-11771	MAVEN:GHSA-HRMR-F5M6-M9PQ	Moderate severity vulnerability that affects org.apache.commons:commons-compress	moderate	2018-10-19T16:41:27 (5 years ago)
Fixed	= 1.18	CVE-2018-11771	MAVEN:GHSA-HRMR-F5M6-M9PQ	Moderate severity vulnerability that affects org.apache.commons:commons-compress	moderate	2018-10-19T16:41:27 (5 years ago)
Affected	< 1.21	CVE-2021-36090	MAVEN:GHSA-MC84-PJ99-Q6HH	Improper Handling of Length Parameter Inconsistency in Compress	high	2021-08-02T16:55:53 (3 years ago)
Fixed	= 1.21	CVE-2021-36090	MAVEN:GHSA-MC84-PJ99-Q6HH	Improper Handling of Length Parameter Inconsistency in Compress	high	2021-08-02T16:55:53 (3 years ago)
Affected	< 1.21	CVE-2021-35517	MAVEN:GHSA-XQFJ-VM6H-2X34	Improper Handling of Length Parameter Inconsistency in Compress	high	2021-08-02T16:55:39 (3 years ago)
Fixed	= 1.21	CVE-2021-35517	MAVEN:GHSA-XQFJ-VM6H-2X34	Improper Handling of Length Parameter Inconsistency in Compress	high	2021-08-02T16:55:39 (3 years ago)