Exposure of Sensitive Information to an Unauthorized Actor in commons-codec:commons-codec

Cxeb68d52e-5509

commons-codec:commons-codec

Low

3.7/10

Summary

Apache commons-codec before 1.13 is vulnerable to information exposure. The Base32 and Base64 implementation blindly decode invalid string, which can be re-encoded again using the same implementation. This can result in a security exploitation such as tunneling additional information via seemingly valid base 32 strings.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

References

Advisory Timeline

Published Mar 03, 2012

Exposure of Sensitive Information to an Unauthorized Actor in commons-codec:commons-codec

Cxeb68d52e-5509

Summary

CWE-200 - Information Exposure

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS