Symbolk / Code2Graph

Towards converting multilingual source code into one language-agnostic graph representation.

CVE-2024-23078 (Medium) detected in jgrapht-core-1.5.0.jar #175

Open mend-bolt-for-github[bot] opened 6 months ago

mend-bolt-for-github[bot] commented 6 months ago

CVE-2024-23078 - Medium Severity Vulnerability

Vulnerable Library - jgrapht-core-1.5.0.jar

A Java class library for graph-theory data structures and algorithms.

Library home page: http://www.jgrapht.org

Path to dependency file: /gen.html/build.gradle

Path to vulnerable library: /dle/caches/modules-2/files-2.1/org.jgrapht/jgrapht-core/1.5.0/822a36ce09237f067a0278563e642af631e502ee/jgrapht-core-1.5.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jgrapht/jgrapht-core/1.5.0/822a36ce09237f067a0278563e642af631e502ee/jgrapht-core-1.5.0.jar

Dependency Hierarchy:
- :x: **jgrapht-core-1.5.0.jar** (Vulnerable Library)

Found in HEAD commit: 1321c443be3c5e8f97221bdffb8d95eda0aa3c94

Found in base branch: main

Vulnerability Details

JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double).

Publish Date: 2024-04-08

URL: CVE-2024-23078

CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
