GHSA-cc62-496p-hrr7

Source

https://github.com/advisories/GHSA-cc62-496p-hrr7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cc62-496p-hrr7/GHSA-cc62-496p-hrr7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cc62-496p-hrr7

Aliases

CVE-2013-4112

Published

2022-05-17T04:50:16Z

Modified

2023-11-08T03:57:19.935521Z

Summary

Exposure of Sensitive Information to an Unauthorized Actor in JGroup

Details

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

References

Affected packages

Maven / org.jgroups:jgroups

Package

Name: org.jgroups:jgroups; View open source insights on deps.dev
Purl: pkg:maven/org.jgroups/jgroups

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.2.9.Final

Affected versions

3.*

3.0.0.Final

3.0.1.Final

3.0.2.Final

3.0.3.Final

3.0.4.Final

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.16.Final

3.1.0.Alpha1

3.1.0.Alpha2

3.1.0.Alpha3

3.1.0.Beta

3.1.0.Beta1

3.1.0.Final

3.2.0.Alpha1

3.2.0.Alpha2

3.2.0.Alpha3

3.2.0.Beta1

3.2.0.CR1

3.2.0.CR2

3.2.0.Final

3.2.1.Final

3.2.2.Final

3.2.3.Final

3.2.4.Final

3.2.5.Final

3.2.6.Final

3.2.7.Final

3.2.8.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.2.8.Final"
}

Maven / org.jgroups:jgroups

Package

Name: org.jgroups:jgroups; View open source insights on deps.dev
Purl: pkg:maven/org.jgroups/jgroups

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.0

Fixed

3.3.3.Final

Affected versions

3.*

3.3.0.Final

3.3.1.Final

3.3.2.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.3.2.Final"
}