[Bug] Security vulnerability in one of indirect dependencies on service bus Track 1 Java SDK #23225

@yvgopal

Critical Severity issues reported in a third-party component (json-smart v2.3) used in the com.microsoft.azure:azure-servicebus:3.6.4 Java component, which is used in our Android mobile application.

https://nvd.nist.gov/vuln/detail/CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
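
To see which direct dependency pulls in json-smart, the following added example (not part of the original issue or the SDK) parses `mvn dependency:tree` text and reports the chain leading to any json-smart 2.x at or below 2.4, the range quoted above. The sample tree is constructed, the `com.example` coordinates are placeholders, and the v1 range, which the advisory gives as a date, is not checked.

```python
import re

# Constructed sample of `mvn dependency:tree` output. Only azure-servicebus 3.6.4
# and json-smart 2.3 come from the issue; com.example coordinates are placeholders.
SAMPLE_TREE = r"""
[INFO] com.example:mobile-app:jar:1.0.0
[INFO] +- com.microsoft.azure:azure-servicebus:jar:3.6.4:compile
[INFO] |  +- com.example:placeholder-auth-lib:jar:1.0.0:compile
[INFO] |  |  \- net.minidev:json-smart:jar:2.3:compile
[INFO] |  \- com.example:placeholder-logging:jar:1.0.0:compile
[INFO] \- com.example:placeholder-other:jar:2.0.0:compile
"""

# Optional "[INFO] ", then one 3-character marker per tree level, then the coordinate.
LINE = re.compile(r"^(?:\[INFO\] )?((?:[|+\\ ][ -] )*)(\S+:\S+)\s*$")


def is_affected_v2(version):
    """True for json-smart 2.x up to and including 2.4, the range quoted in the issue."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return False
    nums = ([int(n) for n in m.group().split(".")] + [0, 0])[:3]
    return nums[0] == 2 and nums <= [2, 4, 0]


def find_affected_paths(tree_text, target="net.minidev:json-smart"):
    """Return the dependency chain (root first) for every affected copy of target."""
    stack, hits = [], []  # stack[i] is the coordinate currently open at depth i
    for raw in tree_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner, blank or summary line
        parts = m.group(2).split(":")
        if len(parts) < 4:
            continue
        depth = len(m.group(1)) // 3
        name = f"{parts[0]}:{parts[1]}"
        # Root is group:artifact:type:version; children add a scope (and maybe a classifier).
        version = parts[-1] if len(parts) == 4 else parts[-2]
        del stack[depth:]  # close siblings and deeper levels
        stack.append(f"{name}:{version}")
        if name == target and is_affected_v2(version):
            hits.append(list(stack))
    return hits


if __name__ == "__main__":
    for path in find_affected_paths(SAMPLE_TREE):
        print(" -> ".join(path))
```

The second element of each reported chain is the direct dependency to upgrade, or the place to attach a version override for the transitive artifact.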