VYPR
Moderate severity · NVD Advisory · Published Oct 21, 2022 · Updated Apr 22, 2025

Jadx-gui subject to Denial of Service via Swing HTML rendering

CVE-2022-39259

Description

jadx is a set of command-line and GUI tools for producing Java source code from Android Dex and APK files. Versions prior to 1.4.5 are subject to a denial of service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
io.github.skylot:jadx-plugins-api (Maven) | < 1.4.5 | 1.4.5
