The scope of this CVE affected version is [,2.0.21) || [2.1.0,2.1.1)
After further analysis, in this project, the main Api called is <org.apache.mina.filter.buffer.BufferedWriteFilter: void internalFlush(org.apache.mina.core.filterchain.IoFilter$NextFilter,org.apache.mina.core.session.IoSession,org.apache.mina.core.buffer.IoBuffer)>
<org.apache.mina.filter.buffer.BufferedWriteFilter: void internalFlush(org.apache.mina.core.filterchain.IoFilter$NextFilter,org.apache.mina.core.session.IoSession,org.apache.mina.core.buffer.IoBuffer)>
at <org.apache.mina.filter.buffer.BufferedWriteFilter: void write(org.apache.mina.core.session.IoSession,org.apache.mina.core.buffer.IoBuffer,org.apache.mina.core.buffer.IoBuffer)> (org.apache.mina.filter.buffer.BufferedWriteFilter.java:[169, 174]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.mina.filter.buffer.BufferedWriteFilter: void write(org.apache.mina.core.session.IoSession,org.apache.mina.core.buffer.IoBuffer)> (org.apache.mina.filter.buffer.BufferedWriteFilter.java:[147]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.mina.filter.buffer.BufferedWriteFilter: void filterWrite(org.apache.mina.core.filterchain.IoFilter$NextFilter,org.apache.mina.core.session.IoSession,org.apache.mina.core.write.WriteRequest)> (org.apache.mina.filter.buffer.BufferedWriteFilter.java:[132]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.mina.core.filterchain.DefaultIoFilterChain: void callPreviousFilterWrite(org.apache.mina.core.filterchain.IoFilterChain$Entry,org.apache.mina.core.session.IoSession,org.apache.mina.core.write.WriteRequest)> (org.apache.mina.core.filterchain.DefaultIoFilterChain.java:[629]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.mina.core.filterchain.DefaultIoFilterChain: void fireFilterWrite(org.apache.mina.core.write.WriteRequest)> (org.apache.mina.core.filterchain.DefaultIoFilterChain.java:[622]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.mina.core.session.AbstractIoSession: org.apache.mina.core.future.WriteFuture write(java.lang.Object,java.net.SocketAddress)> (org.apache.mina.core.session.AbstractIoSession.java:[574]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.mina.core.session.AbstractIoSession: org.apache.mina.core.future.WriteFuture write(java.lang.Object)> (org.apache.mina.core.session.AbstractIoSession.java:[519]) in /.m2/repository/org/apache/mina/mina-core/2.0.16/mina-core-2.0.16.jar
at <org.apache.directory.server.ldap.LdapServer: void stop()> (org.apache.directory.server.ldap.LdapServer.java:[622]) in /.m2/repository/org/apache/directory/server/apacheds-protocol-ldap/2.0.0-M24/apacheds-protocol-ldap-2.0.0-M24.jar
at <simpleldap.SimpleLdapServer: void stop()> (simpleldap.SimpleLdapServer.java:[129]) in /detect/unzip/hazelcast-code-samples-master/enterprise/ldap-authentication/target/classes
Hi, In hazelcast-code-samples-master/enterprise/ldap-authentication,there is a dependency org.apache.mina:mina-core:2.0.16 that calls the risk method.
CVE-2019-0231
The scope of this CVE affected version is [,2.0.21) || [2.1.0,2.1.1)
After further analysis, in this project, the main Api called is <org.apache.mina.filter.buffer.BufferedWriteFilter: void internalFlush(org.apache.mina.core.filterchain.IoFilter$NextFilter,org.apache.mina.core.session.IoSession,org.apache.mina.core.buffer.IoBuffer)>
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 10
Dependency tree--
Suggested solutions:
Update dependency version
Thank you very much.