The codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability
WS-2009-0001 - Low Severity Vulnerability
The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/codec/
Path to dependency file: /tibco-streaming-maven-plugin/ep-maven/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
Dependency Hierarchy: - maven-assembly-plugin-3.1.1.jar (Root Library) - :x: **commons-codec-1.6.jar** (Vulnerable Library)
Found in HEAD commit: 1c0c1fb657845073b28de98c18338a5a470b0586
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields. Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability
Publish Date: 2007-10-07
URL: WS-2009-0001
Base Score Metrics not available