PT-2024-2730 · Atlassian+5 · Confluence Data Center/Server+9

Yakov Shafranovich · Published 2024-02-19 · Updated 2026-05-18 · CVE-2024-25710

CVSS v3.1: 8.1 High

Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Commons Compress versions 1.3 through 1.25.0
Bamboo Data Center and Server versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0
Confluence Data Center and Server version 7.14

Description

The issue is related to a Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This vulnerability may allow an unauthenticated attacker to expose assets in the environment, susceptible to exploitation, with high impact to confidentiality, integrity, and availability. The vulnerability requires no user interaction.

Recommendations

Apache Commons Compress versions 1.3 through 1.25.0: Upgrade to version 1.26.0.
Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.12.
Bamboo Data Center and Server 9.4: Upgrade to a release greater than or equal to 9.4.4.
Bamboo Data Center and Server 9.5: Upgrade to a release greater than or equal to 9.5.2.
Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.25.
Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.12.
Confluence Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.4.

Fix

Weakness Enumeration

Infinite Loop

Related Identifiers

AZL-34812
AZL-43564
AZL-44916
BDU:2024-02851
CLEANSTART-2026-IA43044
CLEANSTART-2026-SQ91016
CLEANSTART-2026-WK99982
CVE-2024-25710
GHSA-4G9R-VXHX-9PGX
OPENSUSE-SU-2024:13702-1
SUSE-SU-2024:0726-1
SUSE-SU-2024_0726-1

Affected Products

Apache Commons Compress
Astra Linux
Bamboo
Bamboo Data Center/Server
Bitbucket
Confluence
Confluence Data Center/Server
Debian
Red Os
Suse