VYPR
High severityNVD Advisory· Published Jul 13, 2021· Updated Aug 4, 2024

Apache Commons Compress 1.0 to 1.20 denial of service vulnerability

CVE-2021-36090

Description

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.commons:commons-compressMaven
< 1.211.21

Affected products

7

Patches

Vulnerability mechanics

References

62

News mentions

0

No linked articles in our index yet.