VulnerableCode Package Details - pkg:maven/org.apache.commons/commons-compress@1.21

Search for packages

Vulnerability	Summary	Fixed by
VCID-cg72-sg2w-t3ft Aliases: CVE-2024-26308 GHSA-4265-ccf5-phj5	Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.	1.26.0 Affected by 0 other vulnerabilities.
VCID-p41w-msyv-u7bk Aliases: CVE-2024-25710 GHSA-4g9r-vxhx-9pgx	Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.	1.26.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cg72-sg2w-t3ft
Aliases:
CVE-2024-26308
GHSA-4265-ccf5-phj5

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

1.26.0
Affected by 0 other vulnerabilities.

VCID-p41w-msyv-u7bk
Aliases:
CVE-2024-25710
GHSA-4g9r-vxhx-9pgx

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

1.26.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-qsw3-wm4k-m7h3	Excessive Iteration When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.	CVE-2021-35515 GHSA-7hfm-57qf-j43q
VCID-qu4m-4u1a-r3cv	Uncontrolled Resource Consumption When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.	CVE-2021-35517 GHSA-xqfj-vm6h-2x34
VCID-vaar-ytpp-eqc7	Uncontrolled Resource Consumption When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.	CVE-2021-36090 GHSA-mc84-pj99-q6hh
VCID-y6ff-umvz-zbgd	Uncontrolled Resource Consumption When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.	CVE-2021-35516 GHSA-crv7-7245-f45f

Vulnerability

Summary

Aliases

VCID-qsw3-wm4k-m7h3

Excessive Iteration When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2021-35515
GHSA-7hfm-57qf-j43q

VCID-qu4m-4u1a-r3cv

Uncontrolled Resource Consumption When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

CVE-2021-35517
GHSA-xqfj-vm6h-2x34

VCID-vaar-ytpp-eqc7

Uncontrolled Resource Consumption When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

CVE-2021-36090
GHSA-mc84-pj99-q6hh

VCID-y6ff-umvz-zbgd

Uncontrolled Resource Consumption When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

CVE-2021-35516
GHSA-crv7-7245-f45f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:51:10.450643+00:00	GitLab Importer	Affected by	VCID-cg72-sg2w-t3ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-26308.yml	38.4.0
2026-04-16T22:51:10.231009+00:00	GitLab Importer	Affected by	VCID-p41w-msyv-u7bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-25710.yml	38.4.0
2026-04-16T21:27:28.992421+00:00	GitLab Importer	Fixing	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-36090.yml	38.4.0
2026-04-16T21:27:28.807184+00:00	GitLab Importer	Fixing	VCID-qu4m-4u1a-r3cv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35517.yml	38.4.0
2026-04-16T21:27:28.619451+00:00	GitLab Importer	Fixing	VCID-y6ff-umvz-zbgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35516.yml	38.4.0
2026-04-16T21:27:28.453400+00:00	GitLab Importer	Fixing	VCID-qsw3-wm4k-m7h3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35515.yml	38.4.0
2026-04-12T00:10:22.462443+00:00	GitLab Importer	Affected by	VCID-cg72-sg2w-t3ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-26308.yml	38.3.0
2026-04-12T00:10:22.277279+00:00	GitLab Importer	Affected by	VCID-p41w-msyv-u7bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-25710.yml	38.3.0
2026-04-11T22:40:25.567468+00:00	GitLab Importer	Fixing	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-36090.yml	38.3.0
2026-04-11T22:40:25.366216+00:00	GitLab Importer	Fixing	VCID-qu4m-4u1a-r3cv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35517.yml	38.3.0
2026-04-11T22:40:25.168800+00:00	GitLab Importer	Fixing	VCID-y6ff-umvz-zbgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35516.yml	38.3.0
2026-04-11T22:40:25.003060+00:00	GitLab Importer	Fixing	VCID-qsw3-wm4k-m7h3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35515.yml	38.3.0
2026-04-03T00:15:44.565816+00:00	GitLab Importer	Affected by	VCID-cg72-sg2w-t3ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-26308.yml	38.1.0
2026-04-03T00:15:44.344486+00:00	GitLab Importer	Affected by	VCID-p41w-msyv-u7bk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-25710.yml	38.1.0
2026-04-02T22:50:55.434377+00:00	GitLab Importer	Fixing	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-36090.yml	38.1.0
2026-04-02T22:50:55.251901+00:00	GitLab Importer	Fixing	VCID-qu4m-4u1a-r3cv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35517.yml	38.1.0
2026-04-02T22:50:55.078612+00:00	GitLab Importer	Fixing	VCID-y6ff-umvz-zbgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35516.yml	38.1.0
2026-04-02T22:50:54.916647+00:00	GitLab Importer	Fixing	VCID-qsw3-wm4k-m7h3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35515.yml	38.1.0
2026-04-02T16:57:36.760306+00:00	GHSA Importer	Fixing	VCID-vaar-ytpp-eqc7	https://github.com/advisories/GHSA-mc84-pj99-q6hh	38.1.0
2026-04-02T16:57:36.699773+00:00	GHSA Importer	Fixing	VCID-qu4m-4u1a-r3cv	https://github.com/advisories/GHSA-xqfj-vm6h-2x34	38.1.0
2026-04-02T16:57:36.652676+00:00	GHSA Importer	Fixing	VCID-y6ff-umvz-zbgd	https://github.com/advisories/GHSA-crv7-7245-f45f	38.1.0
2026-04-02T16:57:36.609387+00:00	GHSA Importer	Fixing	VCID-qsw3-wm4k-m7h3	https://github.com/advisories/GHSA-7hfm-57qf-j43q	38.1.0
2026-04-01T16:04:35.081019+00:00	GHSA Importer	Affected by	VCID-cg72-sg2w-t3ft	https://github.com/advisories/GHSA-4265-ccf5-phj5	38.0.0
2026-04-01T13:01:46.566271+00:00	GithubOSV Importer	Fixing	VCID-qu4m-4u1a-r3cv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-xqfj-vm6h-2x34/GHSA-xqfj-vm6h-2x34.json	38.0.0
2026-04-01T13:01:43.733768+00:00	GithubOSV Importer	Fixing	VCID-y6ff-umvz-zbgd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-crv7-7245-f45f/GHSA-crv7-7245-f45f.json	38.0.0
2026-04-01T13:01:43.289914+00:00	GithubOSV Importer	Fixing	VCID-vaar-ytpp-eqc7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-mc84-pj99-q6hh/GHSA-mc84-pj99-q6hh.json	38.0.0
2026-04-01T13:01:23.960467+00:00	GithubOSV Importer	Fixing	VCID-qsw3-wm4k-m7h3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-7hfm-57qf-j43q/GHSA-7hfm-57qf-j43q.json	38.0.0
2026-04-01T12:52:31.575848+00:00	GitLab Importer	Affected by	VCID-cg72-sg2w-t3ft	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2024-26308.yml	38.0.0
2026-04-01T12:48:35.647286+00:00	GitLab Importer	Fixing	VCID-vaar-ytpp-eqc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-36090.yml	38.0.0
2026-04-01T12:48:35.633396+00:00	GitLab Importer	Fixing	VCID-qu4m-4u1a-r3cv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35517.yml	38.0.0
2026-04-01T12:48:35.615046+00:00	GitLab Importer	Fixing	VCID-y6ff-umvz-zbgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35516.yml	38.0.0
2026-04-01T12:48:35.595832+00:00	GitLab Importer	Fixing	VCID-qsw3-wm4k-m7h3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.commons/commons-compress/CVE-2021-35515.yml	38.0.0