WS-2019-0379 (Medium) detected in commons-codec-1.9.jar #68

mend-for-github-com · 2021-04-21T01:00:44Z

WS-2019-0379 - Medium Severity Vulnerability

Vulnerable Library - commons-codec-1.9.jar

Base64 and hexadecimal codecs, plus phonetic encoding utilities.

Path to vulnerable library: /SQSRESTConnector/com.tibco.aws.sqs.Impl/lib/commons-codec-1.9.jar

Dependency Hierarchy:

Found in base branch: master

Vulnerability Details

Apache commons-codec before version “commons-codec-1.13-RC1” is vulnerable to information disclosure due to Improper Input validation.

Publish Date: 2019-05-20

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-05-20

Fix Resolution: commons-codec:commons-codec:1.13

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 21, 2021