Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jNHBtLTYzY2ctOWo3aM4AAwNS

Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

Impact

Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected.

Patches

Upgrade to 7.9.0.

Workarounds

Catch and discard any exceptions from Yauaa.

Permalink: https://github.com/advisories/GHSA-c4pm-63cg-9j7h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNHBtLTYzY2ctOWo3aM4AAwNS
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 4 months ago
CVSS Score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Identifiers: GHSA-c4pm-63cg-9j7h, CVE-2022-23496
References:

Affected Packages

Package                                                 Versions            Fixed in
maven:nl.basjes.parse.useragent:yauaa-trino             >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-snowflake         >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-nifi-processors   >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-logparser         >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-hive              >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-flink-table       >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-flink             >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-elasticsearch-8   >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-elasticsearch     >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-drill             >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-beam-sql          >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa-beam              >= 7.0.0, < 7.9.0   7.9.0
maven:nl.basjes.parse.useragent:yauaa                   >= 7.0.0, < 7.9.0   7.9.0