GHSA-cc62-496p-hrr7

Suggest an improvement
Source
https://github.com/advisories/GHSA-cc62-496p-hrr7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cc62-496p-hrr7/GHSA-cc62-496p-hrr7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cc62-496p-hrr7
Aliases
Published
2022-05-17T04:50:16Z
Modified
2023-11-01T04:45:08.822763Z
Summary
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Details

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

References

Affected packages

Maven / org.jgroups:jgroups

Package

Name
org.jgroups:jgroups
View open source insights on deps.dev
Purl
pkg:maven/org.jgroups/jgroups

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.2.9.Final

Affected versions

3.*

3.0.0.Final
3.0.1.Final
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.0.10.Final
3.0.11.Final
3.0.12.Final
3.0.13.Final
3.0.14.Final
3.0.16.Final
3.1.0.Alpha1
3.1.0.Alpha2
3.1.0.Alpha3
3.1.0.Beta
3.1.0.Beta1
3.1.0.Final
3.2.0.Alpha1
3.2.0.Alpha2
3.2.0.Alpha3
3.2.0.Beta1
3.2.0.CR1
3.2.0.CR2
3.2.0.Final
3.2.1.Final
3.2.2.Final
3.2.3.Final
3.2.4.Final
3.2.5.Final
3.2.6.Final
3.2.7.Final
3.2.8.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.2.8.Final"
}

Maven / org.jgroups:jgroups

Package

Name
org.jgroups:jgroups
View open source insights on deps.dev
Purl
pkg:maven/org.jgroups/jgroups

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.3.0
Fixed
3.3.3.Final

Affected versions

3.*

3.3.0.Final
3.3.1.Final
3.3.2.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.3.2.Final"
}