author | Fabian Meumertzheim <meumertzheim@code-intelligence.com> | 2021-03-08 08:33:37 +0100 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-03-08 08:45:24 +0100 |
commit | e884cf54fe9b70dcbef1aff3c94f1bb5d08949c8 (patch) | |
tree | a49a1e7a616fff71691c66fd5754aa12c0c5cb41 /README.md | |
parent | 47fbf240da2d1b703f4fda93e6133973e79e4bfd (diff) | |
download | jazzer-api-e884cf54fe9b70dcbef1aff3c94f1bb5d08949c8.tar.gz |
Add Apache Commons Compress findings
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -120,6 +120,9 @@ Jazzer has so far uncovered the following vulnerabilities and bugs: | [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can contain`</script>` and `]]>`, which allows XSS | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23899) | [Code Intelligence](https://code-intelligence.com) | | [OWASP/json-sanitizer](https://github.com/OWASP/json-sanitizer) | Output can be invalid JSON and undeclared exceptions can be thrown | [fixed](https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0) | [CVE-2021-23900](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23900) | [Code Intelligence](https://code-intelligence.com) | | [netplex/json-smart-v1](https://github.com/netplex/json-smart-v1) <br/> [netplex/json-smart-v2](https://github.com/netplex/json-smart-v2) | `JSONParser#parse` throws an undeclared exception | [reported](https://github.com/netplex/json-smart-v2/issues/60) | [CVE-2021-27568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568) | [@GanbaruTobi](https://github.com/GanbaruTobi) | +| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | Infinite loop and `OutOfMemoryError` in `TarFile` | [fixed](https://issues.apache.org/jira/browse/COMPRESS-569) || [Code Intelligence](https://code-intelligence.com) | +| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `IllegalArgumentException` in `ZipFile`| [reported](https://issues.apache.org/jira/browse/COMPRESS-567) || [Code Intelligence](https://code-intelligence.com) | +| [Apache/commons-compress](https://commons.apache.org/proper/commons-compress/) | `NullPointerException` in `ZipFile`| [fixed](https://issues.apache.org/jira/browse/COMPRESS-568) || [Code Intelligence](https://code-intelligence.com) | | [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | 
`CBORParser` throws an undeclared exception due to missing bounds checks when parsing Unicode | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/236) | | [Code Intelligence](https://code-intelligence.com) | | [FasterXML/jackson-dataformats-binary](https://github.com/FasterXML/jackson-dataformats-binary) | `CBORParser` throws an undeclared exception on dangling arrays | [fixed](https://github.com/FasterXML/jackson-dataformats-binary/issues/240) | | [Code Intelligence](https://code-intelligence.com) | | [alibaba/fastjon](https://github.com/alibaba/fastjson) | `JSON#parse` throws undeclared exceptions | [reported](https://github.com/alibaba/fastjson/issues/3631) | | [Code Intelligence](https://code-intelligence.com) | |
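Review bot: The three added Apache/commons-compress rows write the empty CVE column as `||` and put no space between `` `ZipFile` `` and the following pipe, whereas the neighbouring rows without a CVE (jackson-dataformats-binary, fastjson) use `| |` with spaces. Match that spacing so the table source stays consistent and the empty cell is parsed the same way by every Markdown renderer. The first added row also lists two separate failure modes in `TarFile` (an infinite loop and an `OutOfMemoryError`) under the single COMPRESS-569 link. If they have distinct triggers, consider one row each, as was done for the two `ZipFile` exceptions, so readers can tell which denial-of-service condition a given fix covers.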