[Bug 68691] New: CVE-2024-26308

bugzilla Thu, 29 Feb 2024 07:56:22 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=68691


            Bug ID: 68691
           Summary: CVE-2024-26308
           Product: POI
           Version: 5.2.3-FINAL
          Hardware: PC
                OS: Mac OS X 10.1
            Status: NEW
          Severity: normal
          Priority: P2
         Component: XSSF
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Current version 5.2.5 provides transitive vulnerable dependency
org.apache.commons:commons-compress:1.25.0.

This vulnerability has been fixed in org.apache.commons:commons-compress:1.26.0
https://mvnrepository.com/artifact/org.apache.commons/commons-compress

Therefore, the dependency should be updated to new version to avoid the
vulnerability.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 68691] New: CVE-2024-26308

Reply via email to