[
https://issues.apache.org/jira/browse/AVRO-3151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Peter Rozovski updated AVRO-3151:
---------------------------------
Description:
Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2
|Description|Component Apache Avro_1.10.2 is vulnerable to Improper Check for
Unusual or Exceptional Conditions|
|Path| |
| | |
|Scanner Detail|Connect2id Nimbus JOSE+JWT before v7.9 can throw various
uncaught exceptions while parsing a JWT, which could result in an application
crash (potential information disclosure) or a potential authentication bypass.|
was:
Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2
|Description|Component Apache Avro_1.10.2 is vulnerable to |
|Path|/vuln/CVE-2019-17195|
|Parameter|Apache Avro_1.10.2: CVE-2019-17195|
|Scanner Detail|Connect2id Nimbus JOSE+JWT before v7.9 can throw various
uncaught exceptions while parsing a JWT, which could result in an application
crash (potential information disclosure) or a potential authentication bypass.|
> Black Duck SEV-4 issue "Improper Check for Unusual or Exceptional Conditions"
> for Apache Avro 1.10.2
> -----------------------------------------------------------------------------------------------------
>
> Key: AVRO-3151
> URL: https://issues.apache.org/jira/browse/AVRO-3151
> Project: Apache Avro
> Issue Type: Bug
> Components: java
> Affects Versions: 1.10.2
> Reporter: Peter Rozovski
> Priority: Major
>
> Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2
>
> |Description|Component Apache Avro_1.10.2 is vulnerable to Improper Check for
> Unusual or Exceptional Conditions|
> |Path| |
> | | |
> |Scanner Detail|Connect2id Nimbus JOSE+JWT before v7.9 can throw various
> uncaught exceptions while parsing a JWT, which could result in an application
> crash (potential information disclosure) or a potential authentication
> bypass.|
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
