vulnerability

Amazon Linux AMI 2: CVE-2021-36090: Security patch for apache-commons-compress (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Jul 13, 2021

Added

Aug 21, 2024

Modified

May 20, 2026

Description

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Solutions

amazon-linux-ami-2-upgrade-apache-commons-compressamazon-linux-ami-2-upgrade-apache-commons-compress-javadoc

References

AMAZON-AL2/ALAS-2024-2627
CVE-2021-36090
https://attackerkb.com/topics/CVE-2021-36090
CWE-130
EUVD-EUVD-2021-1798
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-1798

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report