Skip to content

Outdated version of cJSON used by aws-cpp-sdk-core contains security vulnerabilities #1594

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dkalinowski opened this issue Mar 18, 2021 · 5 comments
Closed

Outdated version of cJSON used by aws-cpp-sdk-core contains security vulnerabilities #1594

dkalinowski opened this issue Mar 18, 2021 · 5 comments
Labels
pending-release This issue will be fixed by an approved PR that hasn't been released yet.

Comments

@dkalinowski
Copy link

dkalinowski commented Mar 18, 2021
edited
Loading

This project uses cJSON version v1.7.7.
v1.7.11 introduced security issue fix for cJSON_Minify function: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11

CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
@dkalinowski dkalinowski mentioned this issue Mar 18, 2021
Closed
11 tasks
@jmklix jmklix added the pending-release This issue will be fixed by an approved PR that hasn't been released yet. label Mar 18, 2021
@jmklix jmklix linked a pull request Mar 18, 2021 that will close this issue
Upgrade cJSON v1.7.7=>v1.7.11 to address security vulnerabilities #1595
Closed
11 tasks
@github-actions
Copy link

github-actions bot commented Jul 8, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@Ayse1974
Copy link

Ayse1974 commented Feb 4, 2022

  • 🚴‍♀️@zteckjob

@Ayse1974
Copy link

Ayse1974 commented Feb 4, 2022

  • 🚴‍♀️@zteckjob

●●

@josereyqdabalos0100
Copy link

AMAZON CODE:123282.
DATE:2021-06-28.
ACCOUNT NUMBER:172-82512-12311-PRIORITY CODE:ETGTX6QX.
NAME:JOSE REY DABALOS.
CARD ID:#YF087717.
Email: [email protected].

@johny007jaat
Copy link

package org.apache.http.entity.mime.content;

public abstract class AbstractContentBody implements ContentBody {
private final String mediaType;
private final String mimeType;
private final String subType;

public AbstractContentBody(String str) {
    if (str != null) {
        this.mimeType = str;
        int indexOf = str.indexOf(47);
        if (indexOf != -1) {
            this.mediaType = str.substring(0, indexOf);
            this.subType = str.substring(indexOf + 1);
            return;
        }
        this.mediaType = str;
        this.subType = null;
        return;
    }
    throw new IllegalArgumentException("MIME type may not be null");
}

public String getMediaType() {
    return this.mediaType;
}

public String getMimeType() {
    return this.mimeType;
}

public String getSubType() {
    return this.subType;
}

} /

@jeongukjae jeongukjae mentioned this issue Aug 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending-release This issue will be fixed by an approved PR that hasn't been released yet.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade cJSON v1.7.7=>v1.7.11 to address security vulnerabilities dkalinowski/aws-sdk-cpp
7 participants
@jmklix @KaibaLopez @dkalinowski @Ayse1974 @josereyqdabalos0100 @johny007jaat and others