jtidy-r938.jar: 1 vulnerabilities (highest severity is: 7.5) #80
Description
Vulnerable Library - jtidy-r938.jar
JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.
Library home page: http://sourceforge.net
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar,/target/owaspSecurityShepherd/WEB-INF/lib/jtidy-r938.jar
Found in HEAD commit: d036c7c5d23c484d9f8c12b1cc9fbbb1b20e6338
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (jtidy-r938.jar version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-34623 |  High |
7.5 | jtidy-r938.jar | Direct | com.github.jtidy:jtidy:1.0.4,techdivision/techdivision_magentounittesting - no_fix,net.sf.jtidy:jtidy:no_fix,com.github.jtidy:jtidy:1.0.4,JMeter - no_fix | ✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-34623
Vulnerable Library - jtidy-r938.jar
JTidy is a Java port of HTML Tidy, a HTML syntax checker and pretty printer. Like its non-Java cousin, JTidy can be used as a tool for cleaning up malformed and faulty HTML. In addition, JTidy provides a DOM interface to the document that is being processed, which effectively makes you able to use JTidy as a DOM parser for real-world HTML.
Library home page: http://sourceforge.net
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sf/jtidy/jtidy/r938/jtidy-r938.jar,/target/owaspSecurityShepherd/WEB-INF/lib/jtidy-r938.jar
Dependency Hierarchy:
- ❌ jtidy-r938.jar (Vulnerable Library)
Found in HEAD commit: d036c7c5d23c484d9f8c12b1cc9fbbb1b20e6338
Found in base branch: dev
Vulnerability Details
An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
Publish Date: 2023-06-14
URL: CVE-2023-34623
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2023-06-14
Fix Resolution: com.github.jtidy:jtidy:1.0.4,techdivision/techdivision_magentounittesting - no_fix,net.sf.jtidy:jtidy:no_fix,com.github.jtidy:jtidy:1.0.4,JMeter - no_fix
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.