-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Commons Compress 1.15 to 1.18

Description:
The file name encoding algorithm used internally in Apache Commons
Compress can get into an infinite loop when faced with specially
crafted inputs. This can lead to a denial of service attack if an
attacker can choose the file names inside of an archive created by
Compress.

Mitigation:
Commons Compress users should upgrade to 1.19 or later.

Credit:
This issue was discovered by Masaya Suzuki of Google.

References:
https://commons.apache.org/proper/commons-compress/security-reports.html

Stefan Bodewig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAl1lgKIACgkQohFa4V9ri3IsSwCg0tYlFA5WXy6EuHFtRjsbVofR
WjAAn2uNwEELGpIR2JiRO+jEAyxQJZvV
=Ds0n
-----END PGP SIGNATURE-----
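
To check a build against the affected range stated above, the following added example (not part of the advisory or of Apache Commons Compress) scans dependency listings and jar file names for releases 1.15 to 1.18. The sample lines are constructed, and treating patch releases such as 1.16.1 as inside the range is an assumption.

```python
import re

# Affected range stated in the advisory: 1.15 to 1.18; fixed in 1.19.
AFFECTED_MIN = (1, 15)
AFFECTED_MAX = (1, 18)

# Maven/Gradle coordinates (with or without a packaging field) and jar file names.
_PATTERNS = [
    re.compile(r"org\.apache\.commons:commons-compress:(?:[a-z-]+:)?(\d+(?:\.\d+)*)"),
    re.compile(r"commons-compress-(\d+(?:\.\d+)*)[-.\w]*?\.jar"),
]


def parse_version(text):
    """Turn '1.16.1' into (1, 16, 1); pad a bare major version to two parts."""
    parts = tuple(int(p) for p in text.split("."))
    return parts if len(parts) >= 2 else parts + (0,)


def is_affected(version):
    # Compare numerically on major.minor: a string comparison would wrongly
    # place 1.9 between 1.15 and 1.18.
    return AFFECTED_MIN <= parse_version(version)[:2] <= AFFECTED_MAX


def find_affected(lines):
    """Return (line_number, version) for each line naming an affected release."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for pattern in _PATTERNS:
            match = pattern.search(line)
            if match:
                if is_affected(match.group(1)):
                    hits.append((number, match.group(1)))
                break
    return hits


# Constructed sample input: dependency-tree lines, a Gradle line, jar paths.
SAMPLE = [
    "[INFO] +- org.apache.commons:commons-compress:jar:1.18:compile",
    "[INFO] +- org.apache.commons:commons-lang3:jar:3.9:compile",
    "lib/commons-compress-1.9.jar",
    "lib/commons-compress-1.19.jar",
    "implementation 'org.apache.commons:commons-compress:1.15'",
    "WEB-INF/lib/commons-compress-1.16.1.jar",
]

if __name__ == "__main__":
    for number, version in find_affected(SAMPLE):
        print(f"line {number}: commons-compress {version} is affected; upgrade to 1.19 or later")
```
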