Skip to content

skylot jadx affected by Incorrect Behavior Order in vulnerable dependency

Moderate severity GitHub Reviewed Published Jul 20, 2022 in skylot/jadx • Updated Jan 12, 2023

Package

maven io.github.skylot:jadx-core (Maven)

Affected versions

<= 1.4.2

Patched versions

1.4.3

Description

Impact

Vulnerable library protobuf-java 3.11.4 (CVE-2021-22569)

Patches

Dependency updated in jadx 1.4.3

References

According to the AquaSecurity report:
05F1C52A666E4FCC844ABD085BD55124

Also, Maven repository have links to this and other vulnerabilities from dependencies:
https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.11.4

References

@skylot skylot published to skylot/jadx Jul 20, 2022
Published to the GitHub Advisory Database Jul 21, 2022
Reviewed Jul 21, 2022
Last updated Jan 12, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-fjh6-p566-wr6q

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.