VulnerableCode Package Details - pkg:maven/org.jitsi/dnssecjava@1.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-t19w-8s3x-z7gt Aliases: GHSA-crjg-w57m-rqqf	DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks ### Impact Users using the `ValidatingResolver` for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. ### Patches Users should upgrade to dnsjava v3.6.0 ### Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability. ### References https://www.athene-center.de/en/keytrap	There are no reported fixed by versions.
VCID-vrhz-pre9-7kdk Aliases: GHSA-mmwx-rj87-vfgr	DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources ### Impact Users using the `ValidatingResolver` for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. ### Patches Users should upgrade to dnsjava v3.6.0 ### Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability. ### References https://www.athene-center.de/en/keytrap	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-t19w-8s3x-z7gt
Aliases:
GHSA-crjg-w57m-rqqf

DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks ### Impact Users using the `ValidatingResolver` for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. ### Patches Users should upgrade to dnsjava v3.6.0 ### Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability. ### References https://www.athene-center.de/en/keytrap

There are no reported fixed by versions.

VCID-vrhz-pre9-7kdk
Aliases:
GHSA-mmwx-rj87-vfgr

DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources ### Impact Users using the `ValidatingResolver` for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. ### Patches Users should upgrade to dnsjava v3.6.0 ### Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability. ### References https://www.athene-center.de/en/keytrap

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:04:47.610136+00:00	GitLab Importer	Affected by	VCID-t19w-8s3x-z7gt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jitsi/dnssecjava/GHSA-crjg-w57m-rqqf.yml	38.4.0
2026-04-16T23:04:43.534499+00:00	GitLab Importer	Affected by	VCID-vrhz-pre9-7kdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jitsi/dnssecjava/GHSA-mmwx-rj87-vfgr.yml	38.4.0
2026-04-12T00:22:42.576246+00:00	GitLab Importer	Affected by	VCID-t19w-8s3x-z7gt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jitsi/dnssecjava/GHSA-crjg-w57m-rqqf.yml	38.3.0
2026-04-12T00:22:38.281514+00:00	GitLab Importer	Affected by	VCID-vrhz-pre9-7kdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jitsi/dnssecjava/GHSA-mmwx-rj87-vfgr.yml	38.3.0
2026-04-03T00:30:18.983636+00:00	GitLab Importer	Affected by	VCID-t19w-8s3x-z7gt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jitsi/dnssecjava/GHSA-crjg-w57m-rqqf.yml	38.1.0
2026-04-03T00:30:14.734774+00:00	GitLab Importer	Affected by	VCID-vrhz-pre9-7kdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jitsi/dnssecjava/GHSA-mmwx-rj87-vfgr.yml	38.1.0