You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@avro.apache.org by "Peter Rozovski (Jira)" <ji...@apache.org> on 2021/05/26 01:33:00 UTC

[jira] [Updated] (AVRO-3151) Black Duck SEV-4 issue "Improper Check for Unusual or Exceptional Conditions" for Apache Avro 1.10.2

     [ https://issues.apache.org/jira/browse/AVRO-3151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Peter Rozovski updated AVRO-3151:
---------------------------------
    Description: 
Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2 

 
|Description|Component Apache Avro_1.10.2 is vulnerable to |
|Path|/vuln/CVE-2019-17195|
|Parameter|Apache Avro_1.10.2: CVE-2019-17195|
|Scanner Detail|Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.|

  was:
Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2 

 
|Description|Component Apache Avro_1.10.2 is vulnerable to CVE-2019-17195. Please see https://vss.wellsfargo.net/vuln/CVE-2019-17195 for more information.|
|Path|/vuln/CVE-2019-17195|
|Parameter|Apache Avro_1.10.2: CVE-2019-17195|
|Scanner Detail|Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.|


> Black Duck SEV-4 issue "Improper Check for Unusual or Exceptional Conditions" for Apache Avro 1.10.2 
> -----------------------------------------------------------------------------------------------------
>
>                 Key: AVRO-3151
>                 URL: https://issues.apache.org/jira/browse/AVRO-3151
>             Project: Apache Avro
>          Issue Type: Bug
>          Components: java
>    Affects Versions: 1.10.2
>            Reporter: Peter Rozovski
>            Priority: Major
>
> Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2 
>  
> |Description|Component Apache Avro_1.10.2 is vulnerable to |
> |Path|/vuln/CVE-2019-17195|
> |Parameter|Apache Avro_1.10.2: CVE-2019-17195|
> |Scanner Detail|Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.|



--
This message was sent by Atlassian Jira
(v8.3.4#803005)