drill-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [drill] luocooong opened a new pull request #2285: Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090
Date Wed, 04 Aug 2021 05:24:35 GMT

luocooong opened a new pull request #2285:
URL: https://github.com/apache/drill/pull/2285


   # [DRILL-7981](https://issues.apache.org/jira/browse/DRILL-7981): Bump commons-compress from 1.20 to 1.21 for CVE-2021-36090
   
   ## Description
   
   When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
   
   ## Documentation
   N/A
   
   ## Testing
   N/A
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@drill.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
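
A check a reviewer could run after this bump, added here as an example and not part of the pull request or the Drill code base: it scans `mvn dependency:tree` output for any commons-compress node older than the 1.21 release named in the title and reports the dependency path that pulls it in. The sample output, the `org.example` coordinates and the function names are constructed for illustration.

```python
import re

FIXED = (1, 21)  # release the pull request title bumps to
TARGET = "org.apache.commons:commons-compress"

# Constructed sample of `mvn dependency:tree` output for two modules.
SAMPLE = r"""
[INFO] org.example:module-a:jar:1.0
[INFO] +- org.apache.commons:commons-compress:jar:1.21:compile
[INFO] org.example:module-b:jar:1.0
[INFO] +- org.example:legacy-reader:jar:2.3:compile
[INFO] |  \- org.apache.commons:commons-compress:jar:1.20:compile
[INFO] \- org.example:test-utils:jar:0.9:test
[INFO]    \- org.apache.commons:commons-compress:jar:1.9:test
"""

def parse_version(text):
    """Return the leading numeric part of a version as a tuple, or None."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group().split(".")) if m else None

def find_outdated(tree_output):
    """Return (version, path) for each commons-compress node older than FIXED."""
    findings, stack = [], []
    for raw in tree_output.splitlines():
        line = raw[7:] if raw.startswith("[INFO] ") else raw
        m = re.search(r"[A-Za-z0-9]", line)
        if not m or ":" not in line:
            continue
        depth = m.start() // 3            # tree markers take 3 columns per level
        coord = line[m.start():].split()[0]
        del stack[depth:]                 # drop siblings and deeper nodes
        stack.append(coord)
        if coord.startswith(TARGET + ":"):
            # group:artifact:type[:classifier]:version:scope
            version = coord.split(":")[-2]
            parsed = parse_version(version)
            # An unparsable version is reported too, so it gets a manual look.
            if parsed is None or parsed < FIXED:
                findings.append((version, " > ".join(stack)))
    return findings

if __name__ == "__main__":
    for version, path in find_outdated(SAMPLE):
        print(f"commons-compress {version} via {path}")
```

A transitive dependency can keep an older version in one module even after the root `pom.xml` is bumped, which is why the path is reported alongside the version.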


