[ https://issues.apache.org/jira/browse/COMPRESS-680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17865484#comment-17865484 ]
Gary D. Gregory commented on COMPRESS-680:
------------------------------------------
[~Radar]
If you follow the links and read
https://www.cve.org/CVERecord?id=CVE-2024-25710 you will see that this is only
for the "DUMP" format.
If you follow the links and read
https://www.cve.org/CVERecord?id=CVE-2024-26308 you will see that this is only
for the "PACK200" format.
> CVE-2024-25710 and CVE-2024-26308 Indicates whether 7z decompression is
> involved.
> ---------------------------------------------------------------------------------
>
> Key: COMPRESS-680
> URL: https://issues.apache.org/jira/browse/COMPRESS-680
> Project: Commons Compress
> Issue Type: Bug
> Components: Archivers
> Affects Versions: 1.21
> Reporter: Radar wen
> Priority: Major
>
> I cannot upgrade to the latest version due to historical issues.
> Excuse me, are the SevenZArchiveEntry and SevenZFile classes for 7z
> decompression involved in CVE-2024-25710 and CVE-2024-26308?
> org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry;
> org.apache.commons.compress.archivers.sevenz.SevenZFile;