## https://sploitus.com/exploit?id=72866372-961A-5473-BB91-F740403D266F
# CVE
----
## Problem statement: [Stackoverflow](https://stackoverflow.com/questions/78859050/common-vulnerabilities-and-exposures-during-docker-build/78859174?noredirect=1#comment139035998_78859174)
I'm trying to build by project in Docker, So i'm using Docker Desktop to build my project,
when i build the image i get this as one of my vulnerabilities
```
CVE-2024-26308
CWE-770
7.5
H
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected range: >=1.21,<1.26.0
Fix version: 1.26.0
Publish date: 2024-02-19
```
I would like to fix this, but when i read the bug it say it's due to `org.apache.commons`, but i don't have it in my dependency, i try running `mvn help:effective-pom` and ` mvn dependency:tree -Dverbose` and i still did not find it.
What could be the cause of it and how can i fix it?
---------------------------------------
### Requirement
- Java 17
- maven
- Docker Desktop
### RUN
command to run
```
docker build --target run -t build_run .
```
### Snapshot
![snapsho](https://github.com/user-attachments/assets/237d6699-1594-4ceb-8726-c8c44a8602bb)