bugs #15078 (sedalib): fix SigningType#89

Merged: Regzox merged 1 commit into master from bugs_15078 on Sep 11, 2025

@Regzox Regzox commented Sep 10, 2025

No description provided.

@Regzox Regzox self-assigned this Sep 10, 2025
@Regzox Regzox added the bug Something isn't working label Sep 10, 2025
@vitam-prg

Checkmarx One – Scan Summary & Details – e8997236-6282-444e-b6d5-923c22403c56

New Issues (5)

Checkmarx found the following issues in this Pull Request

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| HIGH | CVE-2025-54988 | Maven-org.apache.tika:tika-core-3.1.0 | Recommended version: 3.2.2. Description: Critical XXE (XML External Entity Injection) vulnerability in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through 3.2.1 on all platfor... Attack Vector: LOCAL. Attack Complexity: LOW. ID: lt%2Ffyj5gcgf%2BGqPthBDZQmGz%2BCafxkP0OyIYAAZSN8M%3D |
| MEDIUM | CVE-2025-48924 | Maven-org.apache.commons:commons-lang3-3.14.0 | Recommended version: 3.16.0.redhat-00002. Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu... Attack Vector: NETWORK. Attack Complexity: LOW. ID: FzYv2%2FBGzQ3fka94baapRlHof5jziLw%2BvQKOUuUBJHg%3D |
| MEDIUM | CVE-2025-48924 | Maven-org.apache.commons:commons-lang3-3.17.0 | Recommended version: 3.18.0. Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu... Attack Vector: NETWORK. Attack Complexity: LOW. ID: wVGVYk2l5XUsSCEMkMu8NQCC4uMml7c%2BJ9hzIkyNkr0%3D |
| MEDIUM | CVE-2025-48924 | Maven-commons-lang:commons-lang-2.6 | Recommended version: 2.7-atlassian-1. Description: Uncontrolled Recursion vulnerability in Apache Commons Lang. The methods `ClassUtils.getClass(...)` can throw `StackOverflowError` on very long inpu... Attack Vector: NETWORK. Attack Complexity: LOW. ID: yfxRNdOf%2BZe4Bv%2B9xeNrYvVdCSswZP1SHI29oNOQPWI%3D |
| MEDIUM | CVE-2025-7962 | Maven-org.eclipse.angus:angus-mail-2.0.3 | Recommended version: 2.0.4. Description: In Jakarta Mail through 2.0.3 it is possible to perform a SMTP Injection by utilizing the "\r" and "\n" UTF-8 characters to separate different messa... Attack Vector: NETWORK. Attack Complexity: HIGH. ID: AGvLiTNOPdLDWB2k5r1%2FqXe6AoReRPO5Majm8CxFQtw%3D |

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| MEDIUM | Unchecked_Input_for_Loop_Condition | /resip/src/main/java/fr/gouv/vitam/tools/resip/frame/XmlEditDialog.java: 433 |

@Regzox Regzox merged commit ae8130b into master Sep 11, 2025
2 checks passed
@Regzox Regzox deleted the bugs_15078 branch September 11, 2025 16:13