You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable Package issue exists @ Maven-com.google.protobuf:protobuf-java-3.6.1 in branch main
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. The was released for "protobuf-java" package in versions 3.16.1, 3.18.2, and 3.19.2, "protobuf-kotlin" package in 3.18.2 and 3.19.2, and "google-protobuf" RubyGems package in version 3.19.2.
Vulnerable Package issue exists @ Maven-com.google.protobuf:protobuf-java-3.6.1 in branch main
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. The was released for "protobuf-java" package in versions 3.16.1, 3.18.2, and 3.19.2, "protobuf-kotlin" package in 3.18.2 and 3.19.2, and "google-protobuf" RubyGems package in version 3.19.2.
Namespace: cxronen
Repository: AST_BookStore
Repository Url: https://github.com/cxronen/AST_BookStore
CxAST-Project: cxronen/AST_BookStore
CxAST platform scan: 5ce0a2a6-b532-4da0-8561-73b2e9eca97e
Branch: main
Application: AST_BookStore
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-696
Additional Info
Attack vector: LOCAL
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 3.16.1
References
Issue
Mail Thread
Commit
Advisory
Pull request
Advisory
The text was updated successfully, but these errors were encountered: