Vulnerabilities > CVE-2024-26308 - Unspecified vulnerability in Apache Commons Compress

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

apache

NVD

Published: 2024-02-19

Updated: 2024-11-21

Summary

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Commons Compress 1.21 Apache Commons Compress 1.22 Apache Commons Compress 1.23.0 Apache Commons Compress 1.24.0 Apache Commons Compress 1.25.0	5

References

http://www.openwall.com/lists/oss-security/2024/02/19/2
http://www.openwall.com/lists/oss-security/2024/02/19/2
https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
https://security.netapp.com/advisory/ntap-20240307-0009/
https://security.netapp.com/advisory/ntap-20240307-0009/