[Bug 65451] New: poi-ooxml uses a vulnerable dependency - commons-compress

Wed, 14 Jul 2021 11:46:37 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=65451

            Bug ID: 65451
           Summary: poi-ooxml uses a vulnerable dependency -
                    commons-compress
           Product: POI
           Version: 5.0.0-FINAL
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: POI Overall
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

commons-compress 1.20 is vulnerable:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090

Should be upgraded to 1.21

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to