Back to search
CVE-2019-12402
Published: Aug 29, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Commons Compress | affected 1.15 to 1.18 |
References
FEDORA-2019-c96a8d12b0
vendor-advisory
FEDORA-2019-da0eac1eb6
vendor-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now