Apache Software Foundation Commons BCEL 6.0 Release Candidate 7

CPE Details

Apache Software Foundation Commons BCEL 6.0 Release Candidate 7
apache
commons_bcel
6.0
2022-11-07
13h17 +00:00
2022-11-07
18h08 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:commons_bcel:6.0:rc7:*:*:*:*:*:*

Informations

Vendor

apache

Product

commons_bcel

Version

6.0

Update

rc7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-42920 2022-11-06 23h00 +00:00 Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.