Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nY2c2LXh2NGYtZjc0Oc4AAzk8
janino vulnerable to denial of service due to stack overflow
janino 3.1.9 and earlier is subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nY2c2LXh2NGYtZjc0Oc4AAzk8
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 6 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Identifiers: GHSA-gcg6-xv4f-f749, CVE-2023-33546
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-33546
- https://github.com/janino-compiler/janino/issues/201
- https://janino-compiler.github.io/janino/#security
- https://github.com/advisories/GHSA-gcg6-xv4f-f749
Blast Radius: 2.6
Affected Packages
maven:org.codehaus.janino:janino-parent
Dependent packages: 0Dependent repositories: 3
Downloads:
Affected Version Ranges: <= 3.1.9
No known fixed version
All affected versions: 2.6.1, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 3.0.0, 3.0.1, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.6, 3.1.7, 3.1.8, 3.1.9