CVE-2024-26308

MEDIUM5.5Denial of service

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Apache Software Foundation / Apache Commons Compress1.21 – 1.26.0

References

MAILING_LISThttps://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/02/19/2
MISChttps://security.netapp.com/advisory/ntap-20240307-0009/