Fluid Attacks Database

Description

Reversible One-Way Hash in io.github.javaezlib:JavaEZ

Impact

This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading to 1.7 is advised.

Patches

The vulnerability has been patched in release 1.7.

Workarounds

Currently there is no way to fix the issue without upgrading.

References

CWE-327 CWE-328

For more information

If you have any questions or comments about this advisory:

Open an issue in our issue tracker

Email us at [email protected]

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	io.github.javaezlib:javaez	=1.6 \|\| >=1.6 <1.7	1.7

Aliases

1. CVE-2022-292492. NVD-2022-292493. OSV-2022-292494. GHSA-67fj-6w6m-w5j85. GCVE-2022-29249

References

1. https://github.com/JavaEZLib/JavaEZ/security/advisories/GHSA-67fj-6w6m-w5j82. https://github.com/JavaEZLib/JavaEZ/releases/tag/1.7

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.