As we enter the truly sweltering months of summer, our hardworking research team has taken comfort in blasting their AC up to full force to put together a list of June’s top 5 new open source security vulnerabilities.
Whether it’s snowing or sunny, the WhiteSource database continues to automatically aggregate known open source security vulnerabilities from multiple resources like the National Vulnerability Database (NVD), as well as other well-respected public, peer-reviewed security advisories, and issue trackers.
June was a rough month for the open source security community, who worked hard to discover and remediate vulnerabilities found in some of the most popular open source libraries and components out there. This list of newly published open source security vulnerabilities spans a wide variety of open source projects, simple and complex, covering diverse aspects of the software industry.
So, here they are folks, hold on to your seats and read all about the top 5 new open source vulnerabilities in June.
Vulnerability Score: Critical — 9.8 (CVSS v3.0)
Affected versions: Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1, Android-9.
Coming in with a high CVSS v2.0 score of 10 is this Android vulnerability. The issue was found in HAliasAnalyzer.Query of hydrogen-alias-analysis.h, and might cause memory corruption due to type confusion.
According to the NVD entry, this could allow a remote code execution attack from a malicious proxy configuration. It’s especially dangerous because the exploit can be performed with no additional execution privileges or user interaction needed.
Rest assured, Android’s security team fixed this issue swiftly. You can read more about the issue and its fix on Android’s security bulletin for June.
Vulnerability Score: High — (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-open-source-security-vulnerabilities-in-june-2019