CVE-2022-29249

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-29249

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29249.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-29249

Aliases

GHSA-67fj-6w6m-w5j8

Published

2022-05-24T16:15:07Z

Modified

2024-05-14T11:50:52.800187Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.

References

Affected packages

Git / github.com/javaezlib/javaez

Affected ranges

Type: GIT
Repo: https://github.com/javaezlib/javaez
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

91ad30207b655d26c7b92ad4cafab9c2d3166404

Affected versions

1.*

1.0

1.1

1.2

1.3

1.4

1.5

1.6