dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0.
Path to dependency file: /hadoop-common-project/hadoop-registry/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar
dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0.
Path to dependency file: /hadoop-common-project/hadoop-registry/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
dnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0.
Library home page: http://www.dnsjava.org
Path to dependency file: /hadoop-common-project/hadoop-registry/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar
Found in HEAD commit: 470f1f88c503c0d5abfd3273f348b226d6b3cfbc
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-25638
### Vulnerable Library - dnsjava-2.1.7.jardnsjava is an implementation of DNS in Java. It supports all defined record types (including the DNSSEC types), and unknown types. It can be used for queries, zone transfers, and dynamic updates. It includes a cache which can be used by clients, and a minimal implementation of a server. It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0.
Library home page: http://www.dnsjava.org
Path to dependency file: /hadoop-common-project/hadoop-registry/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar,/home/wss-scanner/.m2/repository/dnsjava/dnsjava/2.1.7/dnsjava-2.1.7.jar
Dependency Hierarchy: - :x: **dnsjava-2.1.7.jar** (Vulnerable Library)
Found in HEAD commit: 470f1f88c503c0d5abfd3273f348b226d6b3cfbc
Found in base branch: hubspot-3.3
### Vulnerability Detailsdnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
Publish Date: 2024-07-22
URL: CVE-2024-25638
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.0%
### CVSS 3 Score Details (8.9)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Changed - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw
Release Date: 2024-07-22
Fix Resolution: 3.6.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.