CVE-2013-5035 (Medium) detected in htmlcleaner-2.4.jar #1
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2013-5035 - Medium Severity Vulnerability
HtmlCleaner is an HTML parser written in Java. It transforms dirty HTML to well-formed XML following the same rules that most web-browsers use.
Library home page: http://htmlcleaner.sourceforge.net/
Path to vulnerable library: /cache/net.sourceforge.htmlcleaner/htmlcleaner/jars/htmlcleaner-2.4.jar
Dependency Hierarchy:
Found in HEAD commit: 8eac03065710eeeacc8ff5bd28397cc15a674b57
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.
Publish Date: 2013-09-05
URL: CVE-2013-5035
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-5035
Release Date: 2013-09-05
Fix Resolution: 2.6,rev13
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: