PT-2019-9411 · Apache · Apache Sanselan+1

Guido Vranken

Published

2019-05-06

Updated

2020-08-24

CVE-2018-17201

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Sanselan version 0.97-incubator

Description The issue allows certain input files to cause the code to hang when parsed, potentially leading to a denial-of-service (DoS) attack. Note that Apache Sanselan was later renamed to Apache Commons Imaging.

Recommendations For Apache Sanselan version 0.97-incubator, consider updating to a newer version of Apache Commons Imaging to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-17201

GHSA-RJX9-2936-9FFX

Affected Products

Apache Commons Imaging

Apache Sanselan

PT-2019-9411 · Apache · Apache Sanselan+1

CVE-2018-17201

Weakness Enumeration

Related Identifiers

Affected Products

References · 5