WS-2018-0601 (Medium) detected in commons-compress-1.12.jar #48

mend-bolt-for-github · 2019-10-28T04:47:21Z

WS-2018-0601 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.12.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

Library home page: http://commons.apache.org/proper/commons-compress/

Path to dependency file: /tmp/ws-scm/gdocx/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/commons/commons-compress/1.12/commons-compress-1.12.jar

Dependency Hierarchy:

docx4j-6.1.2.jar (Root Library)
- ❌ commons-compress-1.12.jar (Vulnerable Library)

Found in HEAD commit: 7e7507b4750432f74961d4a90935aed873eb7f8f

Vulnerability Details

The example Expander class in Apache Commons Compress before 1.18 has been vulnerable to a path traversal in the edge case that happens when the target directory has a sibling directory and the name of the target directory is a prefix of the sibling directory's name.

Publish Date: 2019-09-26

URL: WS-2018-0601

CVSS 2 Score Details (6.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0601 (Medium) detected in commons-compress-1.12.jar #48

WS-2018-0601 (Medium) detected in commons-compress-1.12.jar #48

mend-bolt-for-github bot commented Oct 28, 2019

WS-2018-0601 (Medium) detected in commons-compress-1.12.jar #48

WS-2018-0601 (Medium) detected in commons-compress-1.12.jar #48

Comments

mend-bolt-for-github bot commented Oct 28, 2019

WS-2018-0601 - Medium Severity Vulnerability