GHSA-c4pm-63cg-9j7h

Suggest an improvement
Source
https://github.com/advisories/GHSA-c4pm-63cg-9j7h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-c4pm-63cg-9j7h/GHSA-c4pm-63cg-9j7h.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-c4pm-63cg-9j7h
Aliases
Published
2022-12-08T15:52:54Z
Modified
2023-11-01T04:57:52.470067Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Details

Impact

Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected.

Patches

Upgrade to 7.9.0

Workarounds

Catch and discard any exceptions from Yauaa.

Database specific
{
    "nvd_published_at": "2022-12-08T22:15:00Z",
    "github_reviewed_at": "2022-12-08T15:52:54Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-755"
    ]
}
References

Affected packages

Maven / nl.basjes.parse.useragent:yauaa

Package

Name
nl.basjes.parse.useragent:yauaa
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-beam

Package

Name
nl.basjes.parse.useragent:yauaa-beam
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-beam

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-beam-sql

Package

Name
nl.basjes.parse.useragent:yauaa-beam-sql
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-beam-sql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-drill

Package

Name
nl.basjes.parse.useragent:yauaa-drill
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-drill

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-elasticsearch

Package

Name
nl.basjes.parse.useragent:yauaa-elasticsearch
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-elasticsearch

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-elasticsearch-8

Package

Name
nl.basjes.parse.useragent:yauaa-elasticsearch-8
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-elasticsearch-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-flink

Package

Name
nl.basjes.parse.useragent:yauaa-flink
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-flink

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-flink-table

Package

Name
nl.basjes.parse.useragent:yauaa-flink-table
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-flink-table

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-hive

Package

Name
nl.basjes.parse.useragent:yauaa-hive
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-hive

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-logparser

Package

Name
nl.basjes.parse.useragent:yauaa-logparser
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-logparser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-nifi-processors

Package

Name
nl.basjes.parse.useragent:yauaa-nifi-processors
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-nifi-processors

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Maven / nl.basjes.parse.useragent:yauaa-snowflake

Package

Name
nl.basjes.parse.useragent:yauaa-snowflake
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-snowflake

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0

Maven / nl.basjes.parse.useragent:yauaa-trino

Package

Name
nl.basjes.parse.useragent:yauaa-trino
View open source insights on deps.dev
Purl
pkg:maven/nl.basjes.parse.useragent/yauaa-trino

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.0

Affected versions

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0