Severity: low

Description:
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Mitigation:
Commons Compress users should upgrade to 1.21 or later.

Credit:
This issue was discovered by OSS Fuzz.

References:
https://commons.apache.org/proper/commons-compress/security-reports.html
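
A check for the mitigation above, as an added example that is not part of the advisory or of Commons Compress: it reads `mvn dependency:list` output (the sample lines are constructed) and flags every resolved commons-compress version below 1.21, comparing numerically so that 1.9 is not mistaken for something newer than 1.21. The function names and the "review" status for qualified versions are assumptions of this example.

```python
import re

FIXED = (1, 21)  # first fixed release named in the advisory

# Maven coordinates: group:artifact:type[:classifier]:version:scope
COORD = re.compile(
    r"org\.apache\.commons:commons-compress:[\w.-]+:(?:[\w.-]+:)?"
    r"(?P<version>\d[\w.-]*):(?:compile|runtime|test|provided|system)\b"
)

# Constructed sample of `mvn dependency:list` output (not from the advisory).
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.commons:commons-compress:jar:1.9:compile
[INFO]    org.apache.commons:commons-compress:jar:1.20:runtime
[INFO]    org.apache.commons:commons-compress:jar:1.21:compile
[INFO]    org.apache.commons:commons-compress:jar:sources:1.21-SNAPSHOT:test
[INFO]    commons-io:commons-io:jar:2.8.0:compile
"""


def split_version(version):
    """Return (numeric tuple, qualifier), e.g. '1.21-SNAPSHOT' -> ((1, 21), '-SNAPSHOT')."""
    numeric = re.match(r"\d+(?:\.\d+)*", version).group(0)
    return tuple(int(p) for p in numeric.split(".")), version[len(numeric):]


def audit(dependency_list):
    """Classify each resolved commons-compress version against the fixed release."""
    findings = []
    for line in dependency_list.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        numbers, qualifier = split_version(match["version"])
        if numbers < FIXED:      # tuple compare, so (1, 9) < (1, 21)
            status = "upgrade"
        elif qualifier:          # snapshot or vendor build: the number alone proves nothing
            status = "review"
        else:
            status = "ok"
        findings.append((match["version"], status))
    return findings


if __name__ == "__main__":
    for version, status in audit(SAMPLE):
        print(f"commons-compress {version}: {status}")
```

Running it over the full dependency list rather than the project's direct dependencies also catches copies pulled in transitively.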
