GMS-2022-8082: Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

December 8, 2022

Impact

Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException.

Applications that do not use this feature are not affected.

Patches

Upgrade to 7.9.0

Workarounds

Catch and discard any exceptions from Yauaa.

References

github.com/advisories/GHSA-c4pm-63cg-9j7h
github.com/nielsbasjes/yauaa/security/advisories/GHSA-c4pm-63cg-9j7h

Detect and mitigate GMS-2022-8082 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →