WS-2010-0001 - Medium Severity Vulnerability
Vulnerable Library - commons-codec-1.6.jar
The codec package contains simple encoders and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/codec/
Path to dependency file: /tibco-streaming-maven-plugin/ep-maven/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar
Dependency Hierarchy:
- maven-assembly-plugin-3.1.1.jar (Root Library)
  - :x: **commons-codec-1.6.jar** (Vulnerable Library)
Found in HEAD commit: 1c0c1fb657845073b28de98c18338a5a470b0586
Vulnerability Details
Base64 encode() method is no longer thread-safe in Apache Commons Codec before version 1.7, which might disclose the wrong data or allow an attacker to change non-private fields.
Publish Date: 2010-02-26
URL: WS-2010-0001
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/CODEC-96
Release Date: 2017-01-31
Fix Resolution: 1.7