CVE-2019-12416: Injection in DeltaSpike
CVSS Score: 6.1 (CVSS 3.1)
Basic Information
CVE ID: CVE-2019-12416
GHSA ID
EPSS Score: 0.74056%
CWE
Published: 2/10/2022
Updated: 1/20/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.apache.deltaspike:deltaspike | maven | <= 1.9.3 | 1.9.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information indicates the vulnerability exists in the windowhandler.js file when using ClientSideWindowStrategy, but the exact functions involved are not specified in the available data. Without access to the specific code changes in the security patches or detailed commit information, it's not possible to confidently identify the vulnerable function names that would appear in a runtime profiler. The CWE-74 suggests improper output neutralization, likely in functions processing window IDs or parameters, but concrete evidence linking to specific function signatures is missing.