lz4-java icon indicating copy to clipboard operation
lz4-java copied to clipboard

Published 20 hours ago verified publisher icon lz4

CVE-2021-3520 Whether the vulnerability affects LZ4-Java

Open echopairs opened this issue 3 years ago • 2 comments
trafficstars

Lz4-java relies on the open source software LZ4, which has a CVE vulnerability, whether this vulnerability affects LZ4-Java

echopairs avatar Jun 30 '22 03:06 echopairs

https://nvd.nist.gov/vuln/detail/CVE-2021-3520

echopairs avatar Jun 30 '22 03:06 echopairs

@odaira I see that you have upgraded the version of lz4 to 1.9.4 (which fixes this vulnerability https://github.com/lz4/lz4/pull/972 ). Are there any plans to release a new version soon?

labulalala avatar Jul 07 '23 03:07 labulalala