CVE-2024-25710
published 2024-02-19CVE-2024-25710: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.
Users are recommended to upgrade to version 1.26.0 which fixes the issue.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_compress | >= 1.3 < 1.26.0 | 1.26.0 |
| apache_software_foundation | apache_commons_compress | 1.3 – 1.25.0 | — |
| debian | libcommons-compress-java | < libcommons-compress-java 1.27.1-1 (forky) | libcommons-compress-java 1.27.1-1 (forky) |
| msrc | azl3_javapackages-bootstrap_1.14.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_javapackages-bootstrap_1.14.0-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_javapackages-bootstrap_1.5.0-7_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM