2 matches found
at.datenwort.commons:jmodel2ts-app (>=0.1 <=0.12), ch.heia-fr.isc.data-cockpit:experiments (>=1.0.0 <=1.1.0) +974 more potentially affected by CVE-2022-42920 via org.apache.bcel:bcel (>=5.2 <=6.5.0)
org.apache.bcel:bcel MAVEN version =5.2, =0.1, =1.0.0, =1.0.1, =1.0.0, =0.1.4-jdk17-RELEASES, =4.2.1, =0.0.1, =1.1.0, =0.2.0, =0.1.31, =0.5.0, =0.5.0, =1.10.0, =2.0.0, =3.0.0.rc1, =3.2.1 and more Source cves: CVE-2022-42920 Source advisory: OSV:GHSA-97XG-PHPR-RG8Q...
UBUNTU-CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...