GMS-2022-8083: ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List

December 8, 2022

Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. Applications that do not use this feature are not affected.

References

github.com/advisories/GHSA-c4pm-63cg-9j7h
github.com/nielsbasjes/yauaa/security/advisories/GHSA-c4pm-63cg-9j7h

Code Behaviors & Features

Detect and mitigate GMS-2022-8083 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →