
List:       poi-dev
Subject:    [Bug 68691] New: CVE-2024-26308
From:       bugzilla () apache ! org
Date:       2024-02-29 15:56:17
Message-ID: bug-68691-47293 () https ! bz ! apache ! org/bugzilla/

https://bz.apache.org/bugzilla/show_bug.cgi?id=68691

            Bug ID: 68691
           Summary: CVE-2024-26308
           Product: POI
           Version: 5.2.3-FINAL
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: XSSF
          Assignee: dev@poi.apache.org
          Reporter: jorge.mascarell@gmail.com
  Target Milestone: ---

The current version, 5.2.5, provides the transitive vulnerable dependency
org.apache.commons:commons-compress:1.25.0.

This vulnerability has been fixed in org.apache.commons:commons-compress:1.26.0
https://mvnrepository.com/artifact/org.apache.commons/commons-compress

Therefore, the dependency should be updated to the new version to avoid the
vulnerability.

-- 
You are receiving this mail because:
You are the assignee for the bug.