Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.commons/commons-compress@1.22
Typemaven
Namespaceorg.apache.commons
Namecommons-compress
Version1.22
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.26.0
Latest_non_vulnerable_version1.26.0
Affected_by_vulnerabilities
0
url VCID-cg72-sg2w-t3ft
vulnerability_id VCID-cg72-sg2w-t3ft
summary 
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26308.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26308.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26308
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60235
published_at 2026-05-07T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60189
published_at 2026-05-05T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60218
published_at 2026-04-08T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.6027
published_at 2026-04-18T12:55:00Z
4
value 0.00392
scoring_system epss
scoring_elements 0.60262
published_at 2026-04-16T12:55:00Z
5
value 0.00392
scoring_system epss
scoring_elements 0.60223
published_at 2026-04-13T12:55:00Z
6
value 0.00392
scoring_system epss
scoring_elements 0.6024
published_at 2026-04-12T12:55:00Z
7
value 0.00392
scoring_system epss
scoring_elements 0.60254
published_at 2026-04-11T12:55:00Z
8
value 0.00392
scoring_system epss
scoring_elements 0.60175
published_at 2026-04-02T12:55:00Z
9
value 0.00392
scoring_system epss
scoring_elements 0.602
published_at 2026-04-04T12:55:00Z
10
value 0.00392
scoring_system epss
scoring_elements 0.60169
published_at 2026-04-07T12:55:00Z
11
value 0.00392
scoring_system epss
scoring_elements 0.60233
published_at 2026-04-09T12:55:00Z
12
value 0.00392
scoring_system epss
scoring_elements 0.60232
published_at 2026-04-29T12:55:00Z
13
value 0.00392
scoring_system epss
scoring_elements 0.60245
published_at 2026-04-26T12:55:00Z
14
value 0.00392
scoring_system epss
scoring_elements 0.60229
published_at 2026-04-24T12:55:00Z
15
value 0.00392
scoring_system epss
scoring_elements 0.60257
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26308
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/commons-compress
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-compress
4
reference_url https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:49:36Z/
url https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26308
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26308
6
reference_url https://security.netapp.com/advisory/ntap-20240307-0009
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240307-0009
7
reference_url http://www.openwall.com/lists/oss-security/2024/02/19/2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:49:36Z/
url http://www.openwall.com/lists/oss-security/2024/02/19/2
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064414
reference_id 1064414
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064414
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2264989
reference_id 2264989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2264989
10
reference_url https://github.com/advisories/GHSA-4265-ccf5-phj5
reference_id GHSA-4265-ccf5-phj5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4265-ccf5-phj5
11
reference_url https://security.netapp.com/advisory/ntap-20240307-0009/
reference_id ntap-20240307-0009
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:49:36Z/
url https://security.netapp.com/advisory/ntap-20240307-0009/
12
reference_url https://access.redhat.com/errata/RHSA-2024:1509
reference_id RHSA-2024:1509
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1509
13
reference_url https://access.redhat.com/errata/RHSA-2024:1797
reference_id RHSA-2024:1797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1797
14
reference_url https://access.redhat.com/errata/RHSA-2025:7625
reference_id RHSA-2025:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7625
fixed_packages
0
url pkg:maven/org.apache.commons/commons-compress@1.26.0
purl pkg:maven/org.apache.commons/commons-compress@1.26.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.26.0
aliases CVE-2024-26308, GHSA-4265-ccf5-phj5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg72-sg2w-t3ft
1
url VCID-k4wn-j55z-b3dk
vulnerability_id VCID-k4wn-j55z-b3dk
summary 
Apache Commons Compress denial of service vulnerability
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0.

Users are recommended to upgrade to version 1.24.0, which fixes the issue.

A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.

In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values.

Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].

[1]:  https://issues.apache.org/jira/browse/COMPRESS-612
[2]:  https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05
[3]:  https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html
[4]:  https://bugs.openjdk.org/browse/JDK-6560193
[5]:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42503.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42503.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42503
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01504
published_at 2026-05-07T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.0151
published_at 2026-05-05T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01522
published_at 2026-04-29T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01514
published_at 2026-04-26T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01854
published_at 2026-04-02T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01866
published_at 2026-04-04T12:55:00Z
6
value 0.00014
scoring_system epss
scoring_elements 0.02533
published_at 2026-04-21T12:55:00Z
7
value 0.00014
scoring_system epss
scoring_elements 0.02448
published_at 2026-04-07T12:55:00Z
8
value 0.00014
scoring_system epss
scoring_elements 0.02452
published_at 2026-04-11T12:55:00Z
9
value 0.00014
scoring_system epss
scoring_elements 0.02473
published_at 2026-04-09T12:55:00Z
10
value 0.00014
scoring_system epss
scoring_elements 0.02443
published_at 2026-04-13T12:55:00Z
11
value 0.00014
scoring_system epss
scoring_elements 0.02426
published_at 2026-04-16T12:55:00Z
12
value 0.00014
scoring_system epss
scoring_elements 0.02432
published_at 2026-04-18T12:55:00Z
13
value 0.00014
scoring_system epss
scoring_elements 0.0252
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42503
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/commons-compress
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-compress
4
reference_url https://github.com/apache/commons-compress/commit/aae38bfb820159ae7a0b792e779571f6a46b3889
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-compress/commit/aae38bfb820159ae7a0b792e779571f6a46b3889
5
reference_url https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
6
reference_url https://security.netapp.com/advisory/ntap-20231020-0003
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231020-0003
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052065
reference_id 1052065
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052065
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295031
reference_id 2295031
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295031
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42503
reference_id CVE-2023-42503
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42503
10
reference_url https://github.com/advisories/GHSA-cgwf-w82q-5jrr
reference_id GHSA-cgwf-w82q-5jrr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgwf-w82q-5jrr
fixed_packages
0
url pkg:maven/org.apache.commons/commons-compress@1.24.0
purl pkg:maven/org.apache.commons/commons-compress@1.24.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cg72-sg2w-t3ft
1
vulnerability VCID-p41w-msyv-u7bk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.24.0
aliases CVE-2023-42503, GHSA-cgwf-w82q-5jrr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4wn-j55z-b3dk
2
url VCID-p41w-msyv-u7bk
vulnerability_id VCID-p41w-msyv-u7bk
summary 
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25710.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25710.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25710
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04919
published_at 2026-05-07T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.0487
published_at 2026-05-05T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04873
published_at 2026-04-29T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.0486
published_at 2026-04-26T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04821
published_at 2026-04-24T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04787
published_at 2026-04-21T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.0463
published_at 2026-04-02T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04706
published_at 2026-04-11T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04713
published_at 2026-04-09T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.047
published_at 2026-04-08T12:55:00Z
10
value 0.00018
scoring_system epss
scoring_elements 0.04666
published_at 2026-04-07T12:55:00Z
11
value 0.00018
scoring_system epss
scoring_elements 0.04653
published_at 2026-04-04T12:55:00Z
12
value 0.00018
scoring_system epss
scoring_elements 0.04648
published_at 2026-04-18T12:55:00Z
13
value 0.00018
scoring_system epss
scoring_elements 0.04639
published_at 2026-04-16T12:55:00Z
14
value 0.00018
scoring_system epss
scoring_elements 0.04672
published_at 2026-04-13T12:55:00Z
15
value 0.00018
scoring_system epss
scoring_elements 0.04689
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25710
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25710
3
reference_url http://seclists.org/fulldisclosure/2024/Aug/37
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2024/Aug/37
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/apache/commons-compress
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/commons-compress
6
reference_url https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:19:19Z/
url https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25710
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25710
8
reference_url https://security.netapp.com/advisory/ntap-20240307-0010
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240307-0010
9
reference_url http://www.openwall.com/lists/oss-security/2024/02/19/1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:19:19Z/
url http://www.openwall.com/lists/oss-security/2024/02/19/1
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064413
reference_id 1064413
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064413
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2264988
reference_id 2264988
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2264988
12
reference_url https://github.com/advisories/GHSA-4g9r-vxhx-9pgx
reference_id GHSA-4g9r-vxhx-9pgx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g9r-vxhx-9pgx
13
reference_url https://security.netapp.com/advisory/ntap-20240307-0010/
reference_id ntap-20240307-0010
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T16:19:19Z/
url https://security.netapp.com/advisory/ntap-20240307-0010/
14
reference_url https://access.redhat.com/errata/RHSA-2024:1509
reference_id RHSA-2024:1509
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1509
15
reference_url https://access.redhat.com/errata/RHSA-2024:1797
reference_id RHSA-2024:1797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1797
16
reference_url https://access.redhat.com/errata/RHSA-2024:1924
reference_id RHSA-2024:1924
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1924
17
reference_url https://access.redhat.com/errata/RHSA-2025:7625
reference_id RHSA-2025:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7625
fixed_packages
0
url pkg:maven/org.apache.commons/commons-compress@1.26.0
purl pkg:maven/org.apache.commons/commons-compress@1.26.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.26.0
aliases CVE-2024-25710, GHSA-4g9r-vxhx-9pgx
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p41w-msyv-u7bk
Fixing_vulnerabilities
Risk_score3.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.22