Base Score

MEDIUM5.5

CVE-2022-39259

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds.

VectorLOCAL

Published Bysecurity-advisories@github.com

Published DateOct 21, 2022, 23:15

Affected Versions(1)

io.github.skylot:jadx-plugins-api(Maven)

Introduced0

Fixed1.4.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
io.github.skylot:jadx-plugins-api(Maven)	0	1.4.5	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://github.com/skylot/jadx/security/advisories/GHSA-3r7j-8mqh-6qhx

Base Score

MEDIUM5.5

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH