CVE-2024-26308
published 2024-02-19CVE-2024-26308: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.
Users are recommended to upgrade to version 1.26, which fixes the issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_compress | >= 1.21 < 1.26.0 | 1.26.0 |
| apache_software_foundation | apache_commons_compress | >= 1.21 < 1.26.0 | 1.26.0 |
| debian | libcommons-compress-java | < libcommons-compress-java 1.27.1-1 (forky) | libcommons-compress-java 1.27.1-1 (forky) |
| msrc | azl3_javapackages-bootstrap_1.14.0-3_on_azure_linux_3.0 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM