Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
None
-
None
Description
As described in CVE-2019-12402, commons-compress:1.18 has an issue where certain inputs may cause an infinite loop which leads to a denial of service attack.
This patch simply upgrades common-compress versions from 1.18 to 1.19 which is the latest minor version at the date of filing this issue (Maven repo).