1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-FJH6-P566-WR6Q

[MAVEN:GHSA-FJH6-P566-WR6Q] skylot jadx affected by Incorrect Behavior Order in vulnerable dependency

Severity Moderate
Affected Packages 1
Fixed Packages 1
Info Packages References

Impact

Vulnerable library protobuf-java 3.11.4 (CVE-2021-22569)

Patches

Dependency updated in jadx 1.4.3

References

According to the AquaSecurity report:
05F1C52A666E4FCC844ABD085BD55124

Also, Maven repository have links to this and other vulnerabilities from dependencies:
https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.11.4

Package Affected Version
pkg:maven/io.github.skylot/jadx-core <= 1.4.2
Package Fixed Version
pkg:maven/io.github.skylot/jadx-core = 1.4.3
ID
MAVEN:GHSA-FJH6-P566-WR6Q
Severity
moderate
URL
https://github.com/advisories/GHSA-fjh6-p566-wr6q
Published
2022-07-21T22:35:12
(2 years ago)
Modified
2023-01-12T05:02:56
(20 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/io.github.skylot/jadx-core io.github.skylot jadx-core <= 1.4.2
Fixed pkg:maven/io.github.skylot/jadx-core io.github.skylot jadx-core = 1.4.3