CVE-2019-12402: Denial of Service

August 30, 2019 (updated October 22, 2019)

The file name encoding algorithm used internally in Apache Commons Compress can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

References

nvd.nist.gov/vuln/detail/CVE-2019-12402

Code Behaviors & Features

Detect and mitigate CVE-2019-12402 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →