GHSA-hmx6-gc2p-5p82
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hmx6-gc2p-5p82
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hmx6-gc2p-5p82/GHSA-hmx6-gc2p-5p82.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hmx6-gc2p-5p82
- Aliases
-
- CVE-2019-5919
- Published
- 2022-05-13T01:08:15Z
- Modified
- 2024-02-16T08:16:08.742609Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- Nablarch Incomplete Cryptography
- Details
-
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.
- Database specific
{ "nvd_published_at": "2019-03-12T22:29:00Z", "cwe_ids": [ "CWE-327" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-07-19T18:05:17Z" }- References
Affected packages
Maven / com.nablarch.framework:nablarch-fw-web
Package
- Name
- com.nablarch.framework:nablarch-fw-web
- View open source insights on deps.dev
- Purl
- pkg:maven/com.nablarch.framework/nablarch-fw-web