Medium: janino

🗓️ 26 Jul 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 3 Views

janino versions 3.1.9 and earlier vulnerable to denial of service via expression evaluator method.

Reporter	Title	Published	Views	Family All 25
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed	14 Jun 202409:53	–	ibm
ATTACKERKB	CVE-2023-33546	1 Jun 202313:15	–	attackerkb
Circl	CVE-2023-33546	1 Jun 202316:30	–	circl
CNNVD	Janino 缓冲区错误漏洞	1 Jun 202300:00	–	cnnvd
CVE	CVE-2023-33546	1 Jun 202300:00	–	cve
Cvelist	CVE-2023-33546	1 Jun 202300:00	–	cvelist
Debian CVE	CVE-2023-33546	1 Jun 202300:00	–	debiancve
Github Security Blog	janino vulnerable to denial of service due to stack overflow	1 Jun 202315:30	–	github
NVD	CVE-2023-33546	1 Jun 202313:15	–	nvd
OpenVAS	openSUSE: Security Advisory for janino (SUSE-SU-2023:3385-1)	4 Mar 202400:00	–	openvas

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	any	commons-compiler	3.1.7-1.amzn2023.0.2	commons-compiler-3.1.7-1.amzn2023.0.2.noarch.rpm
Amazon Linux	2	any	commons-compiler-jdk	3.1.7-1.amzn2023.0.2	commons-compiler-jdk-3.1.7-1.amzn2023.0.2.noarch.rpm
Amazon Linux	2	any	janino	3.1.7-1.amzn2023.0.2	janino-3.1.7-1.amzn2023.0.2.noarch.rpm
Amazon Linux	2	any	janino-javadoc	3.1.7-1.amzn2023.0.2	janino-javadoc-3.1.7-1.amzn2023.0.2.noarch.rpm

26 Jul 2023 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.5

EPSS0.00032

SSVC

janino vulnerability denial of service expression evaluator update cve-2023-33546