search

amaybaum-prod / atom-hopper

ATOM Hopper - The Java ATOMpub Server
http://atomhopper.org
0 stars 2 forks source link

jtidy-r938.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed #33

Closed mend-for-github-com[bot] closed 6 months ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - jtidy-r938.jar

JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

Library home page: http://jtidy.sourceforge.net

Path to vulnerable library: /tests/regression/target/jmeter/lib/jtidy-r938.jar

Found in HEAD commit: d0c49807860a8c07c922d8e19168bd6893aad298

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jtidy-r938.jar version) Remediation Possible** Reachability
CVE-2023-34623 High 7.5 jtidy-r938.jar Direct com.github.jtidy:jtidy:1.0.4

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-34623 ### Vulnerable Library - jtidy-r938.jar

JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.

Library home page: http://jtidy.sourceforge.net

Path to vulnerable library: /tests/regression/target/jmeter/lib/jtidy-r938.jar

Dependency Hierarchy: - :x: **jtidy-r938.jar** (Vulnerable Library)

Found in HEAD commit: d0c49807860a8c07c922d8e19168bd6893aad298

Found in base branch: master

### Vulnerability Details

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

Publish Date: 2023-06-14

URL: CVE-2023-34623

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2023-06-14

Fix Resolution: com.github.jtidy:jtidy:1.0.4

mend-for-github-com[bot] commented 6 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.