Open-source library XZ Utils Vulnerability (CVE-2024-3094)


Apr 1, 21:37 UTC
Resolved - We are aware of the reported supply chain compromise in the XZ Utils data compression library (CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This vulnerability attempts to introduce the ability for an attacker to remotely execute commands in OpenSSH through the use of the liblzma library within some operating system environments.

We have assessed the vulnerability, and determined that the Akamai Platform is not affected and customers are protected.

For more information about this vulnerability, please see:

Thank you for your continued support.

Continue reading...