Dependencycheck: aws-json-protocol-2.13.76.jar Vulnerabilities

Created on 23 Sep 2020 · 3 Comments · Source: jeremylong/DependencyCheck

Describe the bug
We are seeing a vulnerability on the latest NVD for aws-json-protocol-2.13.76.jar

reference link:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Ajson_project&cpe_product=cpe%3A%2F%3Ajson_project%3Ajson&cpe_version=cpe%3A%2F%3Ajson_project%3Ajson%3A2.13.76

Log file

CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv2:
Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSSv3:
Base Score: HIGH (7.2)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Regards
Raghunath


bug

All 3 comments

Can you check on 6.0.2? This is possibly fixed along with #2794

This has been fixed in code and will be released in 6.0.3.

Can you check on 6.0.2? This is possibly fixed along with #2794

Resolved in 6.0.2
