[ https://issues.apache.org/jira/browse/DRILL-7981?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Charles Givre resolved DRILL-7981.
----------------------------------
Resolution: Fixed

> Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090
> ----------------------------------------------------------
>
> Key: DRILL-7981
> URL: https://issues.apache.org/jira/browse/DRILL-7981
> Project: Apache Drill
> Issue Type: Improvement
> Reporter: Cong Luo
> Assignee: Cong Luo
> Priority: Major
> Fix For: 1.20.0
>
>
> When reading a specially crafted ZIP archive, Compress can be made to
> allocate large amounts of memory that finally leads to an out of memory error
> even for very small inputs. This could be used to mount a denial of service
> attack against services that use Compress' zip package.