Closed igortepavac closed 4 days ago
Additionally, would it be possible to include the fix also in the 4.x.x version? It would be helpful to not be forced to upgrade to a new major version immediately. Thank you for understanding!
Hi @igortepavac, thanks for reaching out! We are already working on this; we'll update this issue once we have a solution.
Hi @igortepavac, to provide some context on CVE-2023-33201: it only applies if an LDAP directory is used, which is not the case for the 3DS2 SDK, so there is no direct impact. The 3DS2 SDK v2.2.15 should be compatible with bouncycastle versions up to v1.77, which means it could also be updated separately from the app side.
@igortepavac we just released 4.13.5 to address this issue. The v5 release will follow later.
Hi, could you please update the Adyen 3DS2 dependency to v2.2.16? It contains a newer version of the Bouncy Castle library (v1.77) which contains a fix for CVE-2023-33201.
The vulnerability was already mentioned in https://github.com/Adyen/adyen-3ds2-android/issues/63.
Thank you!