poiji
Vulnerabilities on Transitive Dependencies in Commons Compress 1.25
Checkmarx in IntelliJ is warning on the use of org.apache.commons:commons-compress:1.25.0
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.25.0
CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found
Looks like this was addressed in 1.26.
Just a heads up.
Thank you for contributing to Poiji! Feel free to create a PR if you want to contribute directly :)
Looks like the problem is with POI, which isn't scheduled to be updated for a while.... feel free to delete this issue if desired.
Thanks @ra-lukas !
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.