The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability.
WS-2009-0001 - Medium Severity Vulnerability
Vulnerable Library - commons-codec-1.10.jar
The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/proper/commons-codec/
Path to dependency file: /tmp/ws-scm/robotframework-seleniumlibrary-java/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
Dependency Hierarchy: - java-client-7.0.0.jar (Root Library) - httpclient-4.5.6.jar - :x: **commons-codec-1.10.jar** (Vulnerable Library)
Found in HEAD commit: f8ae4f5c1a10993085551488fc1ef8ce2222b7fb
Vulnerability Details
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability.
Publish Date: 2007-10-07
URL: WS-2009-0001
CVSS 2 Score Details (4.8)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here