org.apache.commons:commons-compress@1.5 vulnerabilities
Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
- latest version: 1.22
- latest non vulnerable version
- first published: 14 years ago
- latest version published: 3 months ago
- licenses detected: [0,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.commons:commons-compress package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.apache.commons:commons-compress is an API for working with compression and archive formats. Affected versions of this package are vulnerable to Denial of Service (DoS). When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. How to fix Denial of Service (DoS)? Upgrade | [1.1,1.21) |
org.apache.commons:commons-compress is an API for working with compression and archive formats. Affected versions of this package are vulnerable to Denial of Service (DoS). When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. How to fix Denial of Service (DoS)? Upgrade | [1.0,1.21) |
org.apache.commons:commons-compress is an API for working with compression and archive formats. Affected versions of this package are vulnerable to Denial of Service (DoS). When reading a specially crafted ZIP archive, the read method might fail to return the correct How to fix Denial of Service (DoS)? Upgrade | (,1.18-RC1) |