OSV-2024-1388

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/sigstore-java/OSV-2024-1388.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-1388

Published

2024-12-18T00:02:54.357847Z

Modified

2024-12-18T00:02:54.358393Z

Summary

Security exception in com.google.gson.internal.bind.TypeAdapters$28.write

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384541935

Crash type: Security exception
Crash state:
com.google.gson.internal.bind.TypeAdapters$28.write
com.google.gson.JsonElement.isJsonPrimitive
com.google.gson.JsonElement.getAsJsonPrimitive

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384541935

Affected packages

OSS-Fuzz / sigstore-java

Package

Name: sigstore-java
Purl: pkg:generic/sigstore-java

Affected ranges

Type: GIT
Repo: https://github.com/sigstore/sigstore-java
Events: Introduced

e3b4402a08d9e93601296165ed2b48ea1a4543a9

Fixed

ea34dcaaad4224158601acb461e0db7b67f2b541

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.9.0

v1.*

v1.0.0

v1.1.0

v1.2.0

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

fixed_range

"0edeaccd2c471edbc81337cd71121aaeb3be355a:ea34dcaaad4224158601acb461e0db7b67f2b541"

introduced_range

"a180ace90f7dce3bba11e47221788a3f33fee29c:ae185caedeb69ef97b15eaaee8ac1e40e27293c6"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/sigstore-java/OSV-2024-1388.yaml"