View all vulnerabilities

CVE-2024-25710

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
5.9
Score Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Versions
org.apache.commons:commons-compress >= 1.3 < 1.26.0
Severity
Medium
Ecosystem
Publish Date
February 19, 2024
Modified Date
February 13, 2025