Lucene search

[email protected]CVE-2021-23900

HistoryJan 13, 2021 - 4:15 p.m.

CVE-2021-23900

2021-01-1316:15:14

[email protected]

web.nvd.nist.gov

cve-2021-23900

owasp

json-sanitizer

nvd

invalid json

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.6%

JSON

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Affected configurations

NVD

Node

owaspjson-sanitizerRange<1.2.2

CPENameOperatorVersion
owasp:json-sanitizerowasp json-sanitizerlt1.2.2

CPE	Name	Operator	Version
owasp:json-sanitizer	owasp json-sanitizer	lt	1.2.2

References

github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.6%

JSON

Related for CVE-2021-23900

osv2 nvd1 cvelist1 github1 veracode1 prion1