lz4 / lz4-java

LZ4 compression for Java
Apache License 2.0

CVE-2021-3520 Whether the vulnerability affects LZ4-Java #196

Open echopairs opened 2 years ago

echopairs commented 2 years ago

Lz4-java relies on the open source software LZ4, which has a CVE vulnerability. Does this vulnerability affect LZ4-Java?

echopairs commented 2 years ago

https://nvd.nist.gov/vuln/detail/CVE-2021-3520

labulalala commented 1 year ago

@odaira I see that you have upgraded the version of lz4 to 1.9.4 (which fixes this vulnerability https://github.com/lz4/lz4/pull/972 ). Are there any plans to release a new version soon?