Outdated version of cJSON used by aws-cpp-sdk-core contains security vulnerabilities
dkalinowski opened this issue · 5 comments
This project uses cJSON version v1.7.7.
v1.7.11 introduced a security fix for the cJSON_Minify function: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11
CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.
CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.
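A check for the condition reported above, as an added example that is not part of the original issue or the SDK's own code: it reads the version macros from a vendored cJSON.h and flags anything older than 1.7.11. It assumes the vendored header keeps upstream's CJSON_VERSION_MAJOR/MINOR/PATCH macros; the function names and the sample headers are constructed for illustration.

```python
import re

FIXED = (1, 7, 11)  # first cJSON release with the cJSON_Minify fix, per the issue
CVES = ("CVE-2019-11834", "CVE-2019-11835")  # both described as "before 1.7.11"

# Matches active "#define CJSON_VERSION_<PART> <n>" lines; a line that starts
# with "//" does not match, so commented-out defines are ignored.
_MACRO = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+CJSON_VERSION_(MAJOR|MINOR|PATCH)[ \t]+(\d+)\b",
    re.MULTILINE,
)

def cjson_version(header_text):
    """Return (major, minor, patch) from cJSON.h text, or None if incomplete."""
    found = {name: int(value) for name, value in _MACRO.findall(header_text)}
    if set(found) != {"MAJOR", "MINOR", "PATCH"}:
        return None  # macros stripped or renamed: do not guess a version
    return (found["MAJOR"], found["MINOR"], found["PATCH"])

def audit(header_text):
    """Classify a vendored cJSON.h as 'vulnerable', 'ok' or 'unknown'."""
    version = cjson_version(header_text)
    if version is None:
        return ("unknown", None, ())
    # Compare as integer tuples: as strings, "1.7.7" sorts after "1.7.11",
    # which would wrongly report the old copy as newer than the fix.
    if version < FIXED:
        return ("vulnerable", version, CVES)
    return ("ok", version, ())

# Constructed sample headers (not copied from any repository).
SAMPLE_OLD = """
#define CJSON_VERSION_MAJOR 1
#define CJSON_VERSION_MINOR 7
// #define CJSON_VERSION_PATCH 12
#define CJSON_VERSION_PATCH 7
"""
SAMPLE_FIXED = SAMPLE_OLD.replace("PATCH 7", "PATCH 11")

if __name__ == "__main__":
    import sys
    from pathlib import Path
    # Usage: pass one or more source-tree roots; every cJSON.h found is audited.
    for root in sys.argv[1:]:
        for path in Path(root).rglob("cJSON.h"):
            print(path, *audit(path.read_text(errors="replace")))
```

A result of "unknown" means the macros were not found, so the copy has to be identified another way, for example by diffing it against upstream release tags.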
package org.apache.http.entity.mime.content;

public abstract class AbstractContentBody implements ContentBody {
    private final String mediaType;
    private final String mimeType;
    private final String subType;

    public AbstractContentBody(String str) {
        if (str != null) {
            this.mimeType = str;
            int indexOf = str.indexOf(47);
            if (indexOf != -1) {
                this.mediaType = str.substring(0, indexOf);
                this.subType = str.substring(indexOf + 1);
                return;
            }
            this.mediaType = str;
            this.subType = null;
            return;
        }
        throw new IllegalArgumentException("MIME type may not be null");
    }

    public String getMediaType() {
        return this.mediaType;
    }

    public String getMimeType() {
        return this.mimeType;
    }

    public String getSubType() {
        return this.subType;
    }
}