Update the commons-compress dependency version to avoid vulnerability scan findings #205

Open
litian-98 opened this issue Jan 21, 2025 · 0 comments

@litian-98

Dependency maven:org.apache.commons:commons-compress:1.25.0 is vulnerable

Upgrade to 1.26.0

CVE-2024-25710, score: 8.1

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Read more: https://www.mend.io/vulnerability-database/CVE-2024-25710?utm_source=JetBrains

CVE-2024-26308, score: 5.5

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.

Read more: https://www.mend.io/vulnerability-database/CVE-2024-26308?utm_source=JetBrains

Results powered by Mend.io

@psxjoy psxjoy added this to the 1.1.1 milestone Jan 26, 2025
@psxjoy psxjoy added the dependencies Pull requests that update a dependency file label Jan 26, 2025