GHSA-rc7h-x6cq-988q

Source

https://github.com/advisories/GHSA-rc7h-x6cq-988q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rc7h-x6cq-988q/GHSA-rc7h-x6cq-988q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rc7h-x6cq-988q

Aliases

CVE-2016-2141

Published

2022-05-13T01:03:31Z

Modified

2024-03-09T05:19:09.364064Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Input Validation in JGroups

Details

JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. Fixes for this issue have been backported to versions 3.6.10.Final and 3.2.16.Final.

Database specific

{
    "nvd_published_at": "2016-06-30T16:59:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:02:18Z"
}

References

Affected packages

Maven / org.jgroups:jgroups

Package

Name: org.jgroups:jgroups; View open source insights on deps.dev
Purl: pkg:maven/org.jgroups/jgroups

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3.0.Alpha1

Fixed

3.6.10.Final

Affected versions

3.*

3.3.0.Alpha1

3.3.0.Alpha2

3.3.0.Beta1

3.3.0.Beta2

3.3.0.Beta3

3.3.0.CR1

3.3.0.CR2

3.3.0.Final

3.3.1.Final

3.3.2.Final

3.3.3.Final

3.3.4.Final

3.3.5.Final

3.3.6.Final

3.4.0.Alpha1

3.4.0.Alpha2

3.4.0.Alpha3

3.4.0.Beta1

3.4.0.Final

3.4.1.Final

3.4.2.Final

3.4.3.Final

3.4.4.Final

3.4.5.Final

3.4.6.Final

3.4.7.Final

3.4.8.Final

3.5.0.Alpha1

3.5.0.Beta1

3.5.0.Beta2

3.5.0.Beta3

3.5.0.Beta4

3.5.0.Beta5

3.5.0.Beta6

3.5.0.Beta7

3.5.0.Beta8

3.5.0.Beta9

3.5.0.CR1

3.5.0.CR2

3.5.0.Final

3.5.1.Final

3.6.0.Final

3.6.1.Final

3.6.2.Final

3.6.3.Final

3.6.4

3.6.4.Final

3.6.5.Final

3.6.6.Final

3.6.7.Final

3.6.8.Final

3.6.9.Final

Maven / org.jgroups:jgroups

Package

Name: org.jgroups:jgroups; View open source insights on deps.dev
Purl: pkg:maven/org.jgroups/jgroups

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.16.Final

Affected versions

2.*

2.6.17.GA

2.6.20.Final

2.6.21.Final

2.6.22.Final

2.10.0.CR1

2.10.0.GA

2.10.1.GA

2.11.0.Alpha1

2.11.0.Alpha2

2.11.0.Alpha3

2.11.0.Alpha4

2.11.0.Beta1

2.11.0.Beta2

2.11.0.GA

2.11.1.Final

2.12.0.Alpha1

2.12.0.Alpha2

2.12.0.Beta1

2.12.0.CR1

2.12.0.CR2

2.12.0.CR3

2.12.0.CR4

2.12.0.CR5

2.12.0.CR6

2.12.0.Final

2.12.1.Final

2.12.1.1.Final

2.12.1.2.Final

2.12.1.3.Final

2.12.2.Final

2.12.3.Final

3.*

3.0.0.Beta1

3.0.0.CR1

3.0.0.CR3

3.0.0.CR4

3.0.0.CR5

3.0.0.Final

3.0.1.Final

3.0.2.Final

3.0.3.Final

3.0.4.Final

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.16.Final

3.1.0.Alpha1

3.1.0.Alpha2

3.1.0.Alpha3

3.1.0.Beta

3.1.0.Beta1

3.1.0.Final

3.2.0.Alpha1

3.2.0.Alpha2

3.2.0.Alpha3

3.2.0.Beta1

3.2.0.CR1

3.2.0.CR2

3.2.0.Final

3.2.1.Final

3.2.2.Final

3.2.3.Final

3.2.4.Final

3.2.5.Final

3.2.6.Final

3.2.7.Final

3.2.8.Final

3.2.9.Final

3.2.10.Final

3.2.11.Final

3.2.12.Final

3.2.13.Final