Daniel Korczak created AVRO-3227:
------------------------------------
Summary: Multiple CVEs via Apache Compress
Key: AVRO-3227
URL: https://issues.apache.org/jira/browse/AVRO-3227
Project: Apache Avro
Issue Type: Bug
Components: java
Affects Versions: 1.10.2
Reporter: Daniel Korczak
Latest versions of groupId: *org.apache.avro* artifactId: *Avro* are affected
by vulnerabilities in the dependent library groupId: *org.apache.commons*
artifactId: *commons-compress*.
These security issues can be remediated by updating from commons-compress 1.19
to 1.21.
See:
[CVE-2021-35515|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515]
[CVE-2021-35517|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517]
[CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]
[CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516]
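One way to check whether a build still resolves a commons-compress older than the 1.21 named in the issue, added here as an example and not part of the Jira issue or the Avro project: it parses `mvn dependency:tree` output and reports the path that pulls the old version in. The sample tree, the `com.example` coordinates and the function names are constructed for illustration.

```python
import re

TARGET = ("org.apache.commons", "commons-compress")
FIXED = (1, 21)  # version the issue names as the remediation

# Constructed sample of `mvn dependency:tree` output (not taken from the issue).
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0
[INFO] +- org.apache.avro:avro:jar:1.10.2:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-core:jar:2.12.2:compile
[INFO] |  \- org.apache.commons:commons-compress:jar:1.19:compile
[INFO] +- com.example:archiver:jar:2.0:compile
[INFO] |  \- org.apache.commons:commons-compress:jar:1.21:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.30:compile
"""

# Each nesting level is a 3-character column ("|  " or "   ") before "+- " or "\- ".
LINE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[| ]  )*)(?P<branch>[+\\]- )?(?P<coords>\S+)$"
)


def version_tuple(version):
    """Numeric prefix as a tuple, so 1.9 < 1.21 (a string compare gets this wrong)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()


def find_outdated(tree_text, target=TARGET, fixed=FIXED):
    """Return [(version, dependency_path)] for each target occurrence below fixed."""
    stack, findings = [], []
    for raw in tree_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        parts = m.group("coords").split(":")
        if len(parts) < 4:
            continue
        # group:artifact:type:version[:scope], or with a classifier before version
        group, artifact = parts[0], parts[1]
        version = parts[3] if len(parts) <= 5 else parts[4]
        depth = len(m.group("indent")) // 3 + (1 if m.group("branch") else 0)
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{group}:{artifact}:{version}")
        # An unparsable version yields () and is reported, which errs on the safe side.
        if (group, artifact) == target and version_tuple(version) < fixed:
            findings.append((version, " > ".join(stack)))
    return findings
```

Feed it the text of a real `mvn dependency:tree` run; an empty result means no resolved copy of commons-compress is below 1.21.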