org.bouncycastle:bcprov-jdk15on Vulnerability found in io.github.bonigarcia:[email protected] #1093

Closed
saif8983ansari opened this issue Aug 4, 2023 · 2 comments

saif8983ansari commented Aug 4, 2023

Description of the problem: A vulnerability found in io.github.bonigarcia:[email protected]

Browser and version: chrome browser version 115

Operating system: amazon linux

WebDriverManager version: io.github.bonigarcia:[email protected]

WebDriverManager call:

WebDriverManager traces: Detailed paths
Introduced through: io.github.bonigarcia:[email protected] › com.github.docker-java:[email protected] › com.github.docker-java:[email protected] › org.bouncycastle:[email protected] › org.bouncycastle:[email protected]
https://security.snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-5771339?_gl=1%2a1skwzn2%2a_ga%2aMTYzOTI4OTcxLjE2NjkyODMxMjk.%2a_ga_X9SH3KP7B4%2aMTY5MTEzOTE0OC45LjEuMTY5MTEzOTk4NS4wLjAuMA..
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.

Affected versions of this package are vulnerable to Information Exposure due to missing validation for the X.500 name of any certificate, subject, or issuer. The presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data.
Note:

The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
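
An added example, not part of this issue and not code from Bouncy Castle, docker-java or WebDriverManager: one way an application that builds an LDAP search filter from a certificate's X.500 name can neutralise the wildcard described above is to escape the value per RFC 4515 before concatenating it. The class name, method name and sample names are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterEscape {

    /**
     * Escape a value for use as an assertion value inside an LDAP search
     * filter (RFC 4515, section 3). The filter metacharacters '*', '(', ')',
     * '\' and NUL become backslash-hex pairs; non-ASCII bytes are hex-escaped
     * too, which RFC 4515 permits for any octet.
     */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean special = c == '*' || c == '(' || c == ')' || c == '\\' || c == 0;
            if (special || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample common names, as they might be read from a
        // certificate subject or issuer. None come from a real certificate.
        String[] commonNames = { "www.example.test", "*", "Example (Test) CA" };

        for (String cn : commonNames) {
            // Unvalidated: the name is pasted into the filter as-is, so a
            // wildcard in the name becomes a wildcard in the directory search.
            String unvalidated = "(cn=" + cn + ")";
            // Escaped: the same name can only match itself literally.
            String escaped = "(cn=" + escapeFilterValue(cn) + ")";
            System.out.println(unvalidated + "  ->  " + escaped);
        }
    }
}
```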

@bonigarcia
Owner

Yes, unfortunately, the docker-java team is not very responsive regarding bumping vulnerable dependencies. See #916, docker-java/docker-java#1974, and docker-java/docker-java#2037.

@bonigarcia
Owner

This problem should be fixed with WebDriverManager 5.5.0, just released.
