{"id":"MGASA-2020-0001","summary":"Updated apache-commons-compress- packages fix security vulnerability","details":"pdated apache-commons-compress packages fix security vulnerability:\n\nA resource consumption vulnerability was discovered in apache-commons-\ncompress in the way NioZipEncoding encodes filenames. Applications that\nuse Compress to create archives, with one of the filenames within the\narchive being controlled by the user, may be vulnerable to this flaw.\nA remote attacker could exploit this flaw to cause an infinite loop during\nthe archive creation, thus leading to a denial of service (CVE-2019-12402).\n","modified":"2026-04-16T04:43:55.471827322Z","published":"2020-01-05T15:37:51Z","upstream":["CVE-2019-12402"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0001.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25365"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"}],"affected":[{"package":{"name":"apache-commons-compress","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/apache-commons-compress?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.19-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0001.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}