Vulnerabilities on Transitive Dependencies in Commons Compress 1.25
ra-lukas opened this issue · 4 comments
ra-lukas commented
Checkmarx in IntelliJ is warning on the use of org.apache.commons:commons-compress:1.25.0
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.25.0
CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found
Looks like this was addressed in 1.26.
Just a heads up.
github-actions commented
Thank you for contributing to Poiji! Feel free to create a PR If you want to contribute directly :)
ra-lukas commented
Looks like the problem is with POI, which isn't scheduled to be updated for a while.... feel free to delete this issue if desired.
ozlerhakan commented
Thanks @ra-lukas !
stale commented
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.