Description
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
An out-of-bounds (OOB) write flaw was found in the Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and could be abused in applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
Report
Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Migration Toolkit for Applications 6 | org.jboss.windup-windup-cli-parent | Affected | | |
Migration Toolkit for Runtimes | org.jboss.windup.plugin-windup-maven-plugin | Affected | | |
Migration Toolkit for Runtimes | org.jboss.windup.plugin-windup-maven-plugin-parent | Affected | | |
Migration Toolkit for Runtimes | org.jboss.windup.rules-windup-rulesets | Affected | | |
Migration Toolkit for Runtimes | org.jboss.windup.rules-windup-rulesets-parent | Affected | | |
Migration Toolkit for Runtimes | org.jboss.windup.web-windup-web-parent | Affected | | |
Migration Toolkit for Runtimes | org.jboss.windup-windup-cli-parent | Affected | | |
Red Hat Data Grid 8 | apache-bcel | Not affected | | |
Red Hat Integration Camel K 1 | apache-bcel | Not affected | | |
Red Hat JBoss Data Grid 7 | apache-bcel | Out of support scope | | |
Additional information
Status:
8.1 High
CVSS3