Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.liferay/com.liferay.portal.tools.bundle.support@3.4.2
purl pkg:maven/com.liferay/com.liferay.portal.tools.bundle.support@3.4.2
Next non-vulnerable version 3.7.4
Latest non-vulnerable version 3.7.4
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-fd7z-aksz-b7hv
Aliases:
CVE-2018-1324
GHSA-h436-432x-8fvx
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
3.7.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:52:51.825512+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay/com.liferay.portal.tools.bundle.support/CVE-2018-1324.yml 38.4.0
2026-04-11T22:03:42.153930+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay/com.liferay.portal.tools.bundle.support/CVE-2018-1324.yml 38.3.0
2026-04-02T22:16:42.327226+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay/com.liferay.portal.tools.bundle.support/CVE-2018-1324.yml 38.1.0
2026-04-01T16:34:18.996256+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay/com.liferay.portal.tools.bundle.support/CVE-2018-1324.yml 38.0.0