finos / TimeBase-CE

High performance time series database
https://timebase.info
Apache License 2.0

CVE-2021-27906 (Medium) detected in pdfbox-2.0.11.jar - autoclosed #139

Status: Closed (closed by mend-for-github-com[bot] 3 years ago)

mend-for-github-com[bot] commented 3 years ago

CVE-2021-27906 - Medium Severity Vulnerability

Vulnerable Library - pdfbox-2.0.11.jar

The Apache PDFBox library is an open source Java tool for working with PDF documents.

Path to dependency file: TimeBase/java/installer/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.pdfbox/pdfbox/2.0.11/eb7e033d9ae41bd4f0b83681bc5dc01c2488d250/pdfbox-2.0.11.jar

Dependency Hierarchy:
- izpack-compiler-5.1.3.jar (Root Library)
  - tika-parsers-1.19.jar
    - :x: **pdfbox-2.0.11.jar** (Vulnerable Library)

Found in HEAD commit: 76d75f5eb2971c940ed61bb66cd24661abe01546

Found in base branch: main

Vulnerability Details

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Publish Date: 2021-03-19

URL: CVE-2021-27906

CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27906

Release Date: 2021-03-19

Fix Resolution: org.apache.pdfbox:pdfbox:2.0.23
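The advisory's fix is a version bump, but pdfbox is not a direct dependency here: it arrives transitively through izpack-compiler 5.1.3 and tika-parsers 1.19, so a plain version string edit in `TimeBase/java/installer/build.gradle` has nothing to point at. The Groovy DSL fragment below is an added example, not TimeBase's own build file, showing how to raise the transitive pdfbox to 2.0.23 with a dependency constraint and how to make the build fail if an older pdfbox ever resolves again. It assumes Gradle 4.6 or newer (for `constraints`), the `java` plugin (for `runtimeClasspath` and `check`), `implementation` as the configuration that carries izpack-compiler, and the Maven coordinates `org.codehaus.izpack:izpack-compiler`, none of which the issue page states.

```groovy
// Added example (not TimeBase's own build.gradle): pin the transitive pdfbox
// pulled in by izpack-compiler -> tika-parsers to the fixed 2.0.23, and fail
// the build if an older one ever resolves again.
// Assumptions: Groovy DSL, Gradle >= 4.6 (dependency constraints), the java
// plugin (runtimeClasspath / check), and 'implementation' as the configuration
// that carries izpack-compiler. The izpack group id is assumed.

dependencies {
    // Root library from the advisory's dependency hierarchy (coordinates assumed).
    implementation 'org.codehaus.izpack:izpack-compiler:5.1.3'

    // Fix resolution from the advisory: org.apache.pdfbox:pdfbox:2.0.23.
    // A constraint raises the transitive version without declaring pdfbox as
    // a direct dependency of the installer module.
    constraints {
        implementation('org.apache.pdfbox:pdfbox:2.0.23') {
            because 'CVE-2021-27906: crafted PDF triggers OutOfMemory while loading; fixed in 2.0.23'
        }
    }
}

// Numeric x.y.z comparison, enough for pdfbox's version scheme.
def versionAtLeast(String actual, String wanted) {
    def a = actual.tokenize('.').collect { it.isInteger() ? it.toInteger() : 0 }
    def w = wanted.tokenize('.').collect { it.isInteger() ? it.toInteger() : 0 }
    for (int i = 0; i < Math.max(a.size(), w.size()); i++) {
        int x = i < a.size() ? a[i] : 0
        int y = i < w.size() ? w[i] : 0
        if (x != y) return x > y
    }
    return true
}

// Guard task: inspects the resolved runtime classpath rather than the declared
// versions, so a later rule that downgrades pdfbox is caught too.
tasks.register('checkPdfboxVersion') {
    description = 'Fails if org.apache.pdfbox:pdfbox resolves below 2.0.23 (CVE-2021-27906)'
    doLast {
        def resolved = configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts
        def pdfbox = resolved.find {
            it.moduleVersion.id.group == 'org.apache.pdfbox' && it.moduleVersion.id.name == 'pdfbox'
        }
        if (pdfbox == null) {
            logger.lifecycle('pdfbox not on runtimeClasspath; nothing to check')
            return
        }
        def v = pdfbox.moduleVersion.id.version
        if (!versionAtLeast(v, '2.0.23')) {
            throw new GradleException("pdfbox ${v} is vulnerable to CVE-2021-27906; need >= 2.0.23")
        }
        logger.lifecycle("pdfbox ${v} OK (>= 2.0.23)")
    }
}

// Run the guard with the normal verification tasks.
tasks.named('check') { dependsOn 'checkPdfboxVersion' }
```

To confirm which path produced the resolved version, `./gradlew :java:installer:dependencyInsight --dependency pdfbox --configuration runtimeClasspath` (project path assumed from the file path on this page) lists every selector and the constraint that won. Two caveats: the constraint bumps pdfbox alone, and tika-parsers 1.19 was built against 2.0.11, so the installer build should be exercised after the change; and the bot's automatic closure below records only that the library left the scanner's inventory or was marked ignored, which is not the same as verifying the resolved version, so keep a check like `checkPdfboxVersion` in the build.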

mend-for-github-com[bot] commented 3 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.