OSV-2024-288 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68181 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8.updatePositions java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop...

PT-2024-40703 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the JavaLanguageParser.expr function. The issue is related to the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions in the...

PT-2024-40702 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: A security exception occurs in the JavaLanguageParser statement, specifically in the com.puppycrawl.tools.checkstyle.grammar.java package. The issue involves the weakCompareAndSetInt and...

PT-2024-40700 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr and related Java functions. T...

PT-2024-40553 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...

PT-2023-35672 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...

PT-2023-35660 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...

PT-2023-35614 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to the handling of ByteBuffer positions and UTF-8 updates. Recommendations: At the moment, there ...

OSV-2023-1152 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64130 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.ByteBuffer.position java.base/sun.nio.cs.UTF8.updatePositions...

PT-2023-35580 · Unknown +1 · Com.Puppycrawl.Tools.Checkstyle +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash has been reported, involving the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr and...

PT-2023-35556 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs due to a crash in the getInnerBopAst function of JavaAstVisitor class in Checkstyle. The issue is related to the ReferencePipeline$3$1.accept and...

PT-2023-35924 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, leading to a crash. The issue is related to the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr...

PT-2023-35912 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, leading to a crash. The issue is related to the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr...

SUSE CVE-2018-1000009

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2018-1000009 via org.jvnet.hudson.plugins:checkstyle (>=3.32 <=3.43)

org.jvnet.hudson.plugins:checkstyle MAVEN version =3.32, =1.7.2, =1.0.0, =1.7.1 - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2018-1000009 Source advisory: OSV:GHSA-JFJ9-7J5W-6XGX...

GHSA-JFJ9-7J5W-6XGX XXE vulnerability in Jenkins Checkstyle Plugin

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

XXE vulnerability in Jenkins Checkstyle Plugin

Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

Debian DLA-2099-1 : checkstyle security update

Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External Entity XXE injection. For Debian 8 'Jessie', this problem has been...

Debian: Security Advisory (DLA-2099-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2099-1] checkstyle security update

Package : checkstyle Version : 5.9-1+deb8u2 CVE ID : CVE-2019-10782 Security researchers from Snyk discovered that the fix for CVE-2019-9658 was incomplete. Checkstyle, a development tool to help programmers write Java code that adheres to a coding standard, was still vulnerable to XML External...