Update to latest commons-compress library #1078

@raducoravu

Description

Update the used commons-compress-1.18.jar to "commons-compress-1.19.jar".

Sonatype reports the following security vulnerability in the current 1.18 version:

        Description from CVE

        The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

        Explanation

        Apache Commons Compress is vulnerable to a Denial of Service (DoS) attack. The encode() method in the NioZipEncoding class fails to account for underflows caused by certain characters during iteration. A remote attacker can exploit this vulnerability by submitting a malicious archive containing file names that contain characters, such as certain umlauts, that exploit this issue. This will cause the application to enter into an infinite loop, ultimately resulting in a DoS condition.

        Detection

        The application is vulnerable by using this component.

        Recommendation

        We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

        Root Cause

        commons-compress-1.18.jar <= org/apache/commons/compress/archivers/zip/NioZipEncoding.class : [1.15, 1.19)

        Advisories

        Project: https://commons.apache.org/proper/commons-compress/security-...

        CVSS Details

        CVE CVSS 3.0: 7.5
        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
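The "Root Cause" line above names the exact class and affected range, which is enough to write a build-time check. The following is an added example (not code from the issue author or the Apache Commons project) that scans a lib directory for jars shipping NioZipEncoding.class and flags those whose manifest version falls in [1.15, 1.19); it assumes the jars carry an Implementation-Version or Bundle-Version manifest entry, and the sample jar it builds is a constructed stand-in, not a real release.

```python
import io, re, zipfile
from pathlib import Path

# Class and half-open range taken from the advisory's "Root Cause" line.
NIO_ZIP_ENCODING = "org/apache/commons/compress/archivers/zip/NioZipEncoding.class"
AFFECTED_LOW, AFFECTED_HIGH = (1, 15), (1, 19)  # [1.15, 1.19)

def parse_version(text):
    """Turn '1.18' or '1.18.1' into a tuple of ints that compares numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def is_affected(version):
    """True when the version lies in the advisory's range [1.15, 1.19)."""
    return AFFECTED_LOW <= parse_version(version) < AFFECTED_HIGH

def manifest_version(jar):
    """Read Implementation-Version (or Bundle-Version) from the jar manifest, if any."""
    try:
        manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for key in ("Implementation-Version", "Bundle-Version"):
        match = re.search(rf"^{key}:\s*(\S+)", manifest, re.M)
        if match:
            return match.group(1)
    return None

def check_jar_bytes(data):
    """None if the jar lacks NioZipEncoding; else (version or None, affected)."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        if NIO_ZIP_ENCODING not in jar.namelist():
            return None
        version = manifest_version(jar)
        return version, (version is not None and is_affected(version))

def scan_lib_dir(lib_dir):
    """Map jar name -> (version, affected) for every jar shipping NioZipEncoding."""
    results = {}
    for path in sorted(Path(lib_dir).glob("*.jar")):
        hit = check_jar_bytes(path.read_bytes())
        if hit is not None:
            results[path.name] = hit
    return results

def build_sample_jar(version):
    """Constructed stand-in jar (manifest + empty class entry); not a real release."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        jar.writestr(NIO_ZIP_ENCODING, b"")
    return buf.getvalue()
```

A jar with no manifest version is reported with `None` rather than flagged, so such hits still deserve a manual look.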

Metadata

Assignees

Labels

status: has PR - The issue is being processed in a pull request
type: maintenance - The issue is related to a meta task (build system, dependency update, etc)
