Lucene search

Veracode Vulnerability DatabaseVERACODE:44911

HistoryJan 02, 2024 - 7:52 a.m.

Denial Of Service (DoS)

2024-01-0207:52:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

dos

org.jline

jline-groovy

vulnerability

row size limits

output printing

memory error

groovyengine.execute

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

12.7%

JSON

org.jline, jline-groovy is vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of row size limits when printing output, resulting in an out of memory error when the groovyEngine.execute method is passed with a crafted input.

References

github.com/jline/jline3/commit/f3c60a3e6255e8e0c20d5043a4fe248446f292bb

github.com/jline/jline3/issues/909

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for VERACODE:44911