CVE-2023-5685 (High) detected in xnio-api-3.8.8.Final.jar

[mend-bolt-for-github[bot]]

CVE-2023-5685 - High Severity Vulnerability

Vulnerable Library - xnio-api-3.8.8.Final.jar

The API JAR of the XNIO project

Library home page: http://www.jboss.org/xnio

Path to dependency file: /services/businessconfig/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.xnio/xnio-api/3.8.8.Final/1ba9c8b9a8dea1c6cd656155943e6d4c2c631fa7/xnio-api-3.8.8.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.xnio/xnio-api/3.8.8.Final/1ba9c8b9a8dea1c6cd656155943e6d4c2c631fa7/xnio-api-3.8.8.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.xnio/xnio-api/3.8.8.Final/1ba9c8b9a8dea1c6cd656155943e6d4c2c631fa7/xnio-api-3.8.8.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.xnio/xnio-api/3.8.8.Final/1ba9c8b9a8dea1c6cd656155943e6d4c2c631fa7/xnio-api-3.8.8.Final.jar

Dependency Hierarchy:

• spring-boot-starter-undertow-3.3.2.jar (Root Library)
  • undertow-core-2.3.13.Final.jar
    • :x: xnio-api-3.8.8.Final.jar (Vulnerable Library)

Found in HEAD commit: f878d4e3700978ab3ede9696d0fb223004862e20

Found in base branch: develop

Vulnerability Details

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

Publish Date: 2024-03-22

URL: CVE-2023-5685

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

---

Step up your Open Source Security Game with Mend here