CVE-2013-4378
medium
CVSS v3: -
CVSS v4: -
VIR risk: 4.3
Description
Improper Neutralization of Input During Web Page Generation in JavaMelody
Predictions
Exploit likelihood: 20%
Patch ETA: -
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | net.bull.javamelody:javamelody-core | <1.47.0 | 1.47.0 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| emeric_vernat | javamelody | <=1.46 | |
| emeric_vernat | javamelody | 1.6 | |
| emeric_vernat | javamelody | 1.7 | |
| emeric_vernat | javamelody | 1.8 | |
| emeric_vernat | javamelody | 1.9 | |
| emeric_vernat | javamelody | 1.10 | |
| emeric_vernat | javamelody | 1.11 | |
| emeric_vernat | javamelody | 1.12 | |
| emeric_vernat | javamelody | 1.13 | |
| emeric_vernat | javamelody | 1.14 | |
| emeric_vernat | javamelody | 1.15 | |
| emeric_vernat | javamelody | 1.16 | |
| emeric_vernat | javamelody | 1.17 | |
| emeric_vernat | javamelody | 1.18 | |
| emeric_vernat | javamelody | 1.19 | |
| emeric_vernat | javamelody | 1.20 | |
| emeric_vernat | javamelody | 1.21 | |
| emeric_vernat | javamelody | 1.22 | |
| emeric_vernat | javamelody | 1.23 | |
| emeric_vernat | javamelody | 1.24 | |
| emeric_vernat | javamelody | 1.25 | |
| emeric_vernat | javamelody | 1.26 | |
| emeric_vernat | javamelody | 1.27 | |
| emeric_vernat | javamelody | 1.28 | |
| emeric_vernat | javamelody | 1.29 | |
| emeric_vernat | javamelody | 1.30 | |
| emeric_vernat | javamelody | 1.31 | |
| emeric_vernat | javamelody | 1.32 | |
| emeric_vernat | javamelody | 1.32.1 | |
| emeric_vernat | javamelody | 1.33 | |
| emeric_vernat | javamelody | 1.34 | |
| emeric_vernat | javamelody | 1.35 | |
| emeric_vernat | javamelody | 1.36 | |
| emeric_vernat | javamelody | 1.37 | |
| emeric_vernat | javamelody | 1.38 | |
| emeric_vernat | javamelody | 1.39 | |
| emeric_vernat | javamelody | 1.40 | |
| emeric_vernat | javamelody | 1.41 | |
| emeric_vernat | javamelody | 1.42 | |
| emeric_vernat | javamelody | 1.43 | |
| emeric_vernat | javamelody | 1.44 | |
| emeric_vernat | javamelody | 1.45 | |
References
- http://osvdb.org/97778
- http://seclists.org/oss-sec/2013/q3/679
- http://www.securityfocus.com/bid/62679
- https://code.google.com/p/javamelody/issues/detail?id=346
- https://code.google.com/p/javamelody/source/detail?r=3515
- https://code.google.com/p/javamelody/wiki/ReleaseNotes
- https://nvd.nist.gov/vuln/detail/CVE-2013-4378
- https://github.com/javamelody/javamelody/issues/346
- https://github.com/javamelody/javamelody/commit/aacbc46151ff4ac1ca34ce0899c2a6113071c66e
CWEs
CWE-79