Eclipse Community Forums: Java Development Tools (JDT) » "Null Deference" Vulnerability found in JarRsrcLoader.class

Home » Language IDEs » Java Development Tools (JDT) » "Null Deference" Vulnerability found in JarRsrcLoader.class(Security vulnerabilty)

"Null Deference" Vulnerability found in JarRsrcLoader.class [message #1815976]

Wed, 16 October 2019 08:48

Eclipse User

Hello

My Java program uses org/eclipse/jdt/internal/jarinjarloader/JarRsrcLoader.class. My client's security compliance team conducted a SAST using Fortify Audit Workbench version 18.10.0187 which found a "Null Dereference" vulnerabiity and classified it as "high priority". My client is very anxious and wishes to know if this will be fixed.

Would you be able to advise me so that I can inform my client and close the loop ? Thank you so much for your advice.

Re: "Null Deference" Vulnerability found in JarRsrcLoader.class [message #1816024 is a reply to message #1815976]

Thu, 17 October 2019 10:47

Eclipse User

Please file a bug at https://bugs.eclipse.org/bugs/enter_bug.cgi?product=JDT (component: UI), and specify where exactly in that class the null problem was found. If needed the flag "[x] Committer-only group for handling security advisories in a closed fashion." may be set to restrict the visibility of the issue.

[Updated on: Thu, 17 October 2019 10:48] by Moderator

Re: "Null Deference" Vulnerability found in JarRsrcLoader.class [message #1816048 is a reply to message #1816024]

Thu, 17 October 2019 23:57

Eclipse User

Thank you. We will do that. Can you tell me what I would expect next ? E.g. will there be a confirmation whether it will be fixed or not and a timeline ?

Previous Topic:	Kotlin plugin issues
Next Topic:	JRE Oracle Corporation/13.0.1 is not supported, advanced source lookup disabled

Goto Forum:

-=] Back to Top [=-

Current Time: Sat Jul 12 20:18:37 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter