WS-2019-0379 (Medium) detected in commons-codec-1.9.jar

whitesource-for-github-com[bot] created this issue on 2020-05-22 · 0 replies

WS-2019-0379 - Medium Severity Vulnerability

Vulnerable Library - commons-codec-1.9.jar

Base64 and hexadecimal codecs, plus phonetic encoding utilities.

Library home page: https://commons.apache.org/codec/

Path to vulnerable library: PDToolRelease/8.3.0/Release-8.3.0-2020-10-20/PDTool-8.3.0-2020-10-20.r1/PDTool8.3.0_installer/installer_source/PDTool/lib/tdv/commons-codec-1.9.jar,PDToolRelease/8.0.0/Release-8.0.0-2020-10-20/PDTool-8.0.0-2020-10-20.r1/PDTool8.0.0_installer/installer_source/PDTool/lib/tdv/commons-codec-1.9.jar

Dependency Hierarchy:

  • commons-codec-1.9.jar (Vulnerable Library)

Found in HEAD commit: fbcdeb975e2f7bb2e8828cf9576470b0b6d5c94f

Found in base branch: master

Vulnerability Details

Apache commons-codec before version "commons-codec-1.13-RC1" is vulnerable to information disclosure due to improper input validation.

Publish Date: 2019-05-20

URL: WS-2019-0379

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: apache/[email protected]48b6157

Release Date: 2019-05-20

Fix Resolution: commons-codec:commons-codec:1.13

