Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/io.takari/commons-compress@1.12
purl pkg:maven/io.takari/commons-compress@1.12
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-fd7z-aksz-b7hv
Aliases:
CVE-2018-1324
GHSA-h436-432x-8fvx
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:52:51.554199+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.takari/commons-compress/CVE-2018-1324.yml 38.4.0
2026-04-11T22:03:41.700353+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.takari/commons-compress/CVE-2018-1324.yml 38.3.0
2026-04-02T22:16:41.915565+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.takari/commons-compress/CVE-2018-1324.yml 38.1.0
2026-04-01T15:57:23.300383+00:00 GHSA Importer Affected by VCID-fd7z-aksz-b7hv https://github.com/advisories/GHSA-h436-432x-8fvx 38.0.0
2026-04-01T12:48:21.462226+00:00 GitLab Importer Affected by VCID-fd7z-aksz-b7hv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.takari/commons-compress/CVE-2018-1324.yml 38.0.0