[ https://issues.apache.org/jira/browse/CASSANDRA-18723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brandon Williams updated CASSANDRA-18723:
-----------------------------------------
    Test and Documentation Plan: run dependency-check
                         Status: Patch Available  (was: Open)

> bcprov-jdk15on-1.70.jar vulnerability: CVE-2023-33201
> -----------------------------------------------------
>
>                 Key: CASSANDRA-18723
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18723
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 5.x
>
>
> https://nvd.nist.gov/vuln/detail/CVE-2023-33201
> {quote}
> Bouncy Castle For Java before 1.74 is affected by an LDAP injection
> vulnerability. The vulnerability only affects applications that use an LDAP
> CertStore from Bouncy Castle to validate X.509 certificates. During the
> certificate validation process, Bouncy Castle inserts the certificate's
> Subject Name into an LDAP search filter without any escaping, which leads to
> an LDAP injection vulnerability.
> {quote}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
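The missing step named in the quoted CVE description (escaping a subject value before it goes into an LDAP search filter), as an added example that is not code from Bouncy Castle, Cassandra or this ticket. It applies the general RFC 4515 escaping rule; the class name, the "cn" attribute and the subject DN are constructed for illustration.

```java
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical demo class: compares an unescaped and an escaped filter.
public class LdapFilterEscapeExample {

    // RFC 4515 section 3: these five characters must be written as \xx
    // (two hex digits) when they appear inside a filter assertion value.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Returns the value of the first CN RDN in a subject DN, or null.
    static String commonName(String subjectDn) throws Exception {
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject DN whose CN contains filter metacharacters.
        String subjectDn = "CN=Example CA (test) *,O=Example";
        String cn = commonName(subjectDn);

        // Without escaping, the parentheses and '*' are parsed as filter
        // syntax (grouping, wildcard) instead of literal subject text.
        System.out.println("unescaped: (cn=" + cn + ")");

        // With escaping, the whole value stays one literal assertion value.
        System.out.println("escaped:   (cn=" + escapeFilterValue(cn) + ")");
    }
}
```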