GHSA-c4pm-63cg-9j7h: Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

Impact

Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException.

Applications that do not use this feature are not affected.

Patches

Upgrade to 7.9.0

Workarounds

Catch and discard any exceptions from Yauaa.
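
One way to apply this workaround is sketched below. It is an added example, not code from the advisory or from the Yauaa project. The helper name `parseSafely`, the stub analyzer and the sample header values are constructed for illustration, and the retry with only the User-Agent header goes beyond the workaround's wording: it assumes a result without Client Hints is acceptable to the application.

```java
import java.util.Map;
import java.util.Optional;
import java.util.TreeMap;
import java.util.function.Function;

public class SafeUserAgentParse {
    // Hypothetical helper: 'analyzer' is whatever call the application uses to
    // hand request headers to Yauaa; it is passed in so no Yauaa API is assumed.
    static <T> Optional<T> parseSafely(Function<Map<String, String>, T> analyzer,
                                       Map<String, String> headers) {
        try {
            return Optional.ofNullable(analyzer.apply(headers));
        } catch (RuntimeException e) {
            // Log the exception type only; header values are client-controlled.
            System.err.println("User agent analysis failed: " + e.getClass().getName());
        }
        // Assumption: a result based on User-Agent alone is acceptable, so retry
        // once with the Client Hints headers removed.
        Map<String, String> uaOnly = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.forEach((name, value) -> {
            if ("User-Agent".equalsIgnoreCase(name)) {
                uaOnly.put(name, value);
            }
        });
        if (uaOnly.isEmpty()) {
            return Optional.empty();
        }
        try {
            return Optional.ofNullable(analyzer.apply(uaOnly));
        } catch (RuntimeException e) {
            return Optional.empty(); // discard, as the workaround says
        }
    }

    public static void main(String[] args) {
        // Constructed stub standing in for the analyzer: it fails whenever the
        // header named in the advisory is present, whatever its value.
        Function<Map<String, String>, String> stub = h -> {
            if (h.containsKey("Sec-Ch-Ua-Full-Version-List")) {
                throw new ArrayIndexOutOfBoundsException("constructed failure");
            }
            return "analyzed: " + h.get("User-Agent");
        };
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.put("User-Agent", "ExampleBrowser/1.0 (constructed)");
        headers.put("Sec-Ch-Ua-Full-Version-List", "constructed-value");
        System.out.println(parseSafely(stub, headers));
    }
}
```

Catching `RuntimeException` rather than only `ArrayIndexOutOfBoundsException` matches the workaround's "any exceptions"; the wrapper is a stopgap until the upgrade to 7.9.0 is deployed.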

Package

maven nl.basjes.parse.useragent:yauaa (Maven)

Affected versions

>= 7.0.0, < 7.9.0

maven nl.basjes.parse.useragent:yauaa-beam (Maven)

maven nl.basjes.parse.useragent:yauaa-beam-sql (Maven)

maven nl.basjes.parse.useragent:yauaa-drill (Maven)

maven nl.basjes.parse.useragent:yauaa-elasticsearch (Maven)

maven nl.basjes.parse.useragent:yauaa-elasticsearch-8 (Maven)

maven nl.basjes.parse.useragent:yauaa-flink (Maven)

maven nl.basjes.parse.useragent:yauaa-flink-table (Maven)

maven nl.basjes.parse.useragent:yauaa-hive (Maven)

maven nl.basjes.parse.useragent:yauaa-logparser (Maven)

maven nl.basjes.parse.useragent:yauaa-nifi-processors (Maven)

maven nl.basjes.parse.useragent:yauaa-snowflake (Maven)

maven nl.basjes.parse.useragent:yauaa-trino (Maven)
