[jira] [Resolved] (AVRO-3227) Multiple CVEs via Apache Compress

Martin Tzvetanov Grigorov (Jira) Thu, 07 Oct 2021 23:01:07 -0700


     [ 
https://issues.apache.org/jira/browse/AVRO-3227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martin Tzvetanov Grigorov resolved AVRO-3227.
---------------------------------------------
    Resolution: Duplicate

Duplicate of AVRO-3215.

1.11.0 is being voted at the moment - 
https://lists.apache.org/thread.html/ra32af4e3327aa33985174d3eace283bb6b6427f70f790ecd33d47b6e%40%3Cdev.avro.apache.org%3E!

 

> Multiple CVEs via Apache Compress
> ---------------------------------
>
>                 Key: AVRO-3227
>                 URL: https://issues.apache.org/jira/browse/AVRO-3227
>             Project: Apache Avro
>          Issue Type: Bug
>          Components: java
>    Affects Versions: 1.10.2
>            Reporter: Daniel Korczak
>            Priority: Minor
>
> Latest versions of groupId: *org.apache.avro* artifactId: *Avro* are affected 
> by vulnerabilities in the dependent library groupId: *org.apache.commons* 
> artifactId: *commons-compress*.
>  
> These security issues can be remediated by updating from commons-compress 
> 1.19, to 1.21.
>  
> See:
> [CVE-2021-35515|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515]
> [CVE-2021-35517|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517]
> [CVE-2021-36090|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090]
> [CVE-2021-35516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516]
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (AVRO-3227) Multiple CVEs via Apache Compress

Reply via email to