Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseGHSA-fjh6-p566-wr6q
GHSA-fjh6-p566-wr6q:
Java vulnerability analysis and mitigation
Overview
The vulnerability GHSA-fjh6-p566-wr6q affects the skylot/jadx project through its dependency on protobuf-java version 3.11.4. The issue was published on July 20, 2022, and was classified as a moderate severity vulnerability. The affected package is the Maven dependency io.github.skylot:jadx-core, specifically versions less than or equal to 1.4.2 (GitHub Advisory).
Technical details
The vulnerability is related to an Incorrect Behavior Order (CWE-696) in the protobuf-java dependency version 3.11.4. The issue is tracked as CVE-2021-22569 (GitHub Advisory).
Impact
The vulnerability affects the jadx-core package and its dependent components. However, specific impact details are not provided in the available sources.
Mitigation and workarounds
The vulnerability has been patched in jadx version 1.4.3. For the underlying protobuf-java dependency, patched versions include 3.16.1, 3.18.2, and 3.19.2. Users are advised to upgrade to jadx version 1.4.3 or later to resolve this security issue (Jadx Release).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management