{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10905?format=json","vulnerability_id":"VCID-vaar-ytpp-eqc7","summary":"Uncontrolled Resource Consumption\nWhen reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.","aliases":[{"alias":"CVE-2021-36090"},{"alias":"GHSA-mc84-pj99-q6hh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049118?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/927021?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.21-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/927014?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.22-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cg72-sg2w-t3ft"},{"vulnerability":"VCID-k4wn-j55z-b3dk"},{"vulnerability":"VCID-p41w-msyv-u7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/994873?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.22-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cg72-sg2w-t3ft"},{"vulnerability":"VCID-k4wn-j55z-b3dk"},{"vulnerability":"VCID-p41w-msyv-u7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.22-1"},{"url":"http://public2.vulnerablecode.io/api/packages/927017?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.27.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.27.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/37528?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cg72-sg2w-t3ft"},{"vulnerability":"VCID-p41w-msyv-u7bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.21"},{"url":"http://public2.vulnerablecode.io/api/packages/37525?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.19.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.19.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049117?format=json","purl":"pkg:deb/debian/libcommons-compress-java@0~svn604876-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@0~svn604876-1"},{"url":"http://public2.vulnerablecode.io/api/packages/927016?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.20-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/994872?format=json","purl":"pkg:deb/debian/libcommons-compress-java@1.20-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcommons-compress-java@1.20-1"},{"url":"http://public2.vulnerablecode.io/api/packages/37530?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/37529?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/254998?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/62575?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/254999?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h5ex-bm2j-fken"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51256?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/255000?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/37526?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/142053?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/176354?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/176355?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/176356?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/176357?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/26971?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/168749?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/168750?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/168751?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/26972?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-fd7z-aksz-b7hv"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/26973?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/176358?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/176359?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-75h3-dr39-3qb8"},{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/30054?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"},{"vulnerability":"VCID-z5bc-s8qs-zbh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.18"},{"url":"http://public2.vulnerablecode.io/api/packages/78779?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.19"},{"url":"http://public2.vulnerablecode.io/api/packages/37527?format=json","purl":"pkg:maven/org.apache.commons/commons-compress@1.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p41w-msyv-u7bk"},{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.commons/commons-compress@1.20"},{"url":"http://public2.vulnerablecode.io/api/packages/166712?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166713?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166714?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166715?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166716?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166717?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166718?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166719?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166720?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/166721?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/25643?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j9np-nr8n-x7cr"},{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/25644?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/222853?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/222854?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/222855?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.15.0"},{"url":"http://public2.vulnerablecode.io/api/packages/222856?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/222857?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.17.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.17.0"},{"url":"http://public2.vulnerablecode.io/api/packages/222858?format=json","purl":"pkg:maven/org.apache.drill/drill-common@1.18.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mrdq-9pb2-3qb5"},{"vulnerability":"VCID-vaar-ytpp-eqc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.drill/drill-common@1.18.0"},{"url":"http://public2.vulnerablecode.io/api/packages/100267?format=json","purl":"pkg:rpm/redhat/apache-commons-compress@1.21-1.2?arch=el8ev","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qsw3-wm4k-m7h3"},{"vulnerability":"VCID-qu4m-4u1a-r3cv"},{"vulnerability":"VCID-vaar-ytpp-eqc7"},{"vulnerability":"VCID-y6ff-umvz-zbgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/apache-commons-compress@1.21-1.2%3Farch=el8ev"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36090.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36090.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36090","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69269","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6925","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69232","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6918","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69316","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69309","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69164","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69258","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.72921","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.72958","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.72933","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.72907","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.72912","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00736","scoring_system":"epss","scoring_elements":"0.72945","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36090"},{"reference_url":"https://commons.apache.org/proper/commons-compress/security-reports.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://commons.apache.org/proper/commons-compress/security-reports.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5@%3Cdev.tomcat.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5@%3Cdev.tomcat.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7@%3Cnotifications.james.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7@%3Cnotifications.james.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211022-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20211022-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211022-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20211022-0001/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/07/13/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/07/13/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/07/13/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/07/13/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981909","reference_id":"1981909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981909"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041","reference_id":"991041","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36090","reference_id":"CVE-2021-36090","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36090"},{"reference_url":"https://github.com/advisories/GHSA-mc84-pj99-q6hh","reference_id":"GHSA-mc84-pj99-q6hh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mc84-pj99-q6hh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5555","reference_id":"RHSA-2022:5555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5555"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":130,"name":"Improper Handling of Length Parameter Inconsistency","description":"The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data."},{"cwe_id":770,"name":"Allocation of Resources Without Limits or Throttling","description":"The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vaar-ytpp-eqc7"}