ozlerhakan/poiji

Vulnerabilities on Transitive Dependencies in Commons Compress 1.25

ra-lukas opened this issue · 4 comments

Checkmarx in IntelliJ is warning on the use of org.apache.commons:commons-compress:1.25.0

Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.25.0
CVE-2024-26308 7.5 Allocation of Resources Without Limits or Throttling vulnerability with High severity found
CVE-2024-25710 5.5 Loop with Unreachable Exit Condition ("Infinite Loop") vulnerability with Medium severity found

Looks like this was addressed in 1.26.

Just a heads up.

Thank you for contributing to Poiji! Feel free to create a PR If you want to contribute directly :)

Looks like the problem is with POI, which isn't scheduled to be updated for a while.... feel free to delete this issue if desired.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.