search

yaeljacobs67 / fs-agent

File system agent for integration with WhiteSource service
Apache License 2.0
0 stars 0 forks source link

WS-2018-0601 (Medium) detected in commons-compress-1.18.jar - autoclosed #55

Closed mend-for-github-com[bot] closed 2 years ago

mend-for-github-com[bot] commented 4 years ago

WS-2018-0601 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.18.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

Library home page: https://commons.apache.org/proper/commons-compress/

Path to dependency file: /fs-agent/pom.xml

Path to vulnerable library: 2/repository/org/apache/commons/commons-compress/1.18/commons-compress-1.18.jar

Dependency Hierarchy: - :x: **commons-compress-1.18.jar** (Vulnerable Library)

Vulnerability Details

The example Expander class in Apache Commons Compress before 1.18 has been vulnerable to a path traversal in the edge case that happens when the target directory has a sibling directory and the name of the target directory is a prefix of the sibling directory's name.

Publish Date: 2019-09-26

URL: WS-2018-0601

CVSS 2 Score Details (6.0)

Base Score Metrics not available

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.