Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

org.apache.commons:commons-compress 1.20

Back to all
Package Version

org.apache.commons:commons-compress 1.20

Github Repository

Package Version Scores

Overall
0
/10
Security
4
Activity
7
Popularity
0
Quality
5
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
68d28cfe39e19bcf5071a7b3
CVEs Fixed
C
0
H
4
+818
-53

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
Excessive Iteration in Compress
CVE-2021-35515
High
Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35516
High
Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-36090
High
Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35517
High

Get the Patch Instantly Without Upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
LINES OF CODE CHANGED
+818
-53
-
on latest patch
License
Patch Available

Get the Patch Instantly

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "First Major Release Milestone Achieved",
"description": "The repository has reached 1.0 release status, this is a sign of maturity",
"category": "code quality",
"type": "upscore"
},
{
"title": "Older Releases are Maintained",
"description": "The repository keeps releasing updates to earlier release trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Unfixed Medium Severity Vulnerabilities",
"description": "Unfixed medium severity vulnerabilities discovered in a repository indicate a somewhat elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "No Source Code License",
"description": "Having license information in the source code makes it easier to validate the license status of the package",
"category": "code quality",
"type": "downscore"
}
]
}