[MAVEN:GHSA-FJH6-P566-WR6Q] skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
Severity
Moderate
Affected Packages
1
Fixed Packages
1
Impact
Vulnerable library protobuf-java 3.11.4 (CVE-2021-22569)
Patches
Dependency updated in jadx 1.4.3
References
According to the AquaSecurity report:
Also, Maven repository have links to this and other vulnerabilities from dependencies:
https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java/3.11.4
Package | Affected Version |
---|---|
pkg:maven/io.github.skylot/jadx-core | <= 1.4.2 |
Package | Fixed Version |
---|---|
pkg:maven/io.github.skylot/jadx-core | = 1.4.3 |
- ID
- MAVEN:GHSA-FJH6-P566-WR6Q
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-fjh6-p566-wr6q
- Published
-
2022-07-21T22:35:12
(2 years ago) - Modified
-
2023-01-12T05:02:56
(20 months ago) - Rights
- Maven Security Team