GMS-2022-5657: Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack

October 20, 2022

Using jadx-gui to open a special zip file with entry containing HTML sequence like <html><frame> will cause interface to get stuck and throw exceptions

References

github.com/advisories/GHSA-3r7j-8mqh-6qhx
github.com/skylot/jadx/releases/tag/v1.4.5
github.com/skylot/jadx/security/advisories/GHSA-3r7j-8mqh-6qhx
www.oracle.com/java/technologies/javase/seccodeguide.html

Detect and mitigate GMS-2022-5657 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →