JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by…
GitHub_M·CWE-327·Published 2022-05-24
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.
JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.
### Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading to 1.7 is advised. ### Patches The vulnerability has been patched in release 1.7. ### Workarounds Currently there is no way to fix the issue without upgrading. ### References [CWE-327](https://cwe.mitre.org/data/definitions/327.html) [CWE-328](https://cwe.mitre.org/data/definitions/328.html) ### For more information If you have any questions or comments about this advisory: * Open an issue in [our issue tracker](http://github.com/JavaEZLib/JavaEZ/issues) * Email us at [javaezlib@gmail.com](mailto:javaezlib@gmail.com)
### Impact This weakness allows the force decryption of locked text by hackers. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. Upgrading to 1.7 is advised. ### Patches The vulnerability has been patched in release 1.7. ### Workarounds Currently there is no way to fix the issue without upgrading. ### References [CWE-327](https://cwe.mitre.org/data/definitions/327.html) [CWE-328](https://cwe.mitre.org/data/definitions/328.html) ### For more information If you have any questions or comments about this advisory: * Open an issue in [our issue tracker](http://github.com/JavaEZLib/JavaEZ/issues) * Email us at [javaezlib@gmail.com](mailto:javaezlib@gmail.com)
JavaEZ es una biblioteca que añade nuevas funciones para facilitar el uso de Java. Una debilidad en JavaEZ versión 1.6 permite forzar el descifrado de texto bloqueado por actores no autorizados. El problema NO es crítico para aplicaciones no seguras, sin embargo puede ser crítico en una situación en la que son requeridos los más altos niveles de seguridad. Este problema afecta SOLO a la versión v1.6 y no afecta a nada en versiones anteriores a 1.6. La vulnerabilidad ha sido parcheada en versión 1.7. Actualmente, no se presenta forma de arreglar el problema sin actualizar
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | GHSA | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |