You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2022/07/27 20:01:00 UTC
[jira] [Moved] (NET-713) Apache Commons Net is vulnerable to Information Disclosure - SRCCLR-SID-3636
[ https://issues.apache.org/jira/browse/NET-713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory moved COMMONSSITE-160 to NET-713:
-------------------------------------------------
Key: NET-713 (was: COMMONSSITE-160)
Project: Commons Net (was: Apache Commons All)
> Apache Commons Net is vulnerable to Information Disclosure - SRCCLR-SID-3636
> ----------------------------------------------------------------------------
>
> Key: NET-713
> URL: https://issues.apache.org/jira/browse/NET-713
> Project: Commons Net
> Issue Type: Improvement
> Reporter: phoebe chen
> Priority: Major
>
> Based on [SRCCLR-SID-3636|https://sca.analysiscenter.veracode.com/vulnerability-database/security/sca/vulnerability/sid-3636/summary],
> commons-net is vulnerable to information disclosure. The vulnerability is possible because `newStringUtf8()` in Base64.java does not prevent the storage of sensitive data in a String object which would not be deleted until the JVM performs garbage collection. There is a chance for an attacker to collect sensitive information by dumping the memory when the application has crashed .
> This is a security issue from Veracode.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)