Discussion: How to reproduce vulnerability described in https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c #1681

Closed
jsmrcka opened this issue Dec 3, 2021 · 3 comments

Comments

jsmrcka commented Dec 3, 2021

In an attempt to verify the vulnerability for our project, we are running tests against unpatched jsoup 1.14.1 (and also 1.13.1) using reproducer testcases from:

Both tests pass.

What is the proper way to reproduce?

jhy (Owner) commented Dec 19, 2021

Those issues may not have been in a specific release.

jhy closed this as completed Dec 19, 2021

jsmrcka (Author) commented Dec 20, 2021

> Those issues may not have been in a specific release.

@jhy What does that mean? Do you know a way to reproduce the issues? It would really help us if we were able to write a test which would fail/pass for unfixed/fixed release.

jhy (Owner) commented Dec 23, 2021

There are test cases that cover each of the fixes. But to my mind, the simplest way to check if it's a vulnerable version is to look at the version number.
