Headline
GHSA-c4pm-63cg-9j7h: Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Impact
Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException.
Applications that do not use this feature are not affected.
Patches
Upgrade to 7.9.0
Workarounds
Catch and discard any exceptions from Yauaa.
Package
maven nl.basjes.parse.useragent:yauaa (Maven)
Affected versions
>= 7.0.0, < 7.9.0
maven nl.basjes.parse.useragent:yauaa-beam (Maven)
maven nl.basjes.parse.useragent:yauaa-beam-sql (Maven)
maven nl.basjes.parse.useragent:yauaa-drill (Maven)
maven nl.basjes.parse.useragent:yauaa-elasticsearch (Maven)
maven nl.basjes.parse.useragent:yauaa-elasticsearch-8 (Maven)
maven nl.basjes.parse.useragent:yauaa-flink (Maven)
maven nl.basjes.parse.useragent:yauaa-flink-table (Maven)
maven nl.basjes.parse.useragent:yauaa-hive (Maven)
maven nl.basjes.parse.useragent:yauaa-logparser (Maven)
maven nl.basjes.parse.useragent:yauaa-nifi-processors (Maven)
maven nl.basjes.parse.useragent:yauaa-snowflake (Maven)
maven nl.basjes.parse.useragent:yauaa-trino (Maven)