gate5 / struts-2.3.20


WS-2010-0001 Medium Severity Vulnerability detected by WhiteSource - autoclosed #74

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 5 years ago

WS-2010-0001 - Medium Severity Vulnerability

Vulnerable Libraries - common-codec-1.3.jar, commons-codec-1.2.jar

common-codec-1.3.jar

Common codecs for Java Agent Development Framework

path: /root/.m2/repository/commons-codec/commons-codec/1.3/commons-codec-1.3.jar

Library home page: http://jakarta.apache.org/commons/codec/

Dependency Hierarchy:
- myfaces-impl-1.1.2.jar (Root Library)
  - :x: **common-codec-1.3.jar** (Vulnerable Library)

commons-codec-1.2.jar

The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

path: /root/.m2/repository/commons-codec/commons-codec/1.2/commons-codec-1.2.jar

Dependency Hierarchy:
- commons-httpclient-3.1.jar (Root Library)
  - :x: **commons-codec-1.2.jar** (Vulnerable Library)

Found in HEAD commit: 1d3a9da2b49a075b9122e05e19a483fc66b5aaf4

Vulnerability Details

Base64 encode() method is no longer thread-safe in Apache Commons Codec before version 1.7, which might disclose the wrong data or allow an attacker to change non-private fields.

Publish Date: 2010-02-26

URL: WS-2010-0001

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://issues.apache.org/jira/browse/CODEC-96

Release Date: 2017-01-31

Fix Resolution: 1.7



mend-bolt-for-github[bot] commented 3 years ago

:information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #75