Description
Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
Remediation
References
https://lists.apache.org/thread.html/cd37861963aa6d2694c8947d464c99614d3e1a9db6c1a2a8b7b5840a%40%3Cdev.commons.apache.org%3E
Related Vulnerabilities
CVE-2019-19771 Vulnerability in npm package ripedm160
CVE-2021-27516 Vulnerability in maven package org.webjars.npm:urijs
CVE-2012-2379 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2019-10798 Vulnerability in npm package rdf-graph-array
CVE-2021-23425 Vulnerability in npm package trim-off-newlines