History: Jan 03, 2024 - 4:15 p.m.

CVE-2024-21907

2024-01-03 16:15:08
CWE-755
VulnCheck
web.nvd.nist.gov
newtonsoft.json
cve-2024-21907
exceptional conditions
denial of service
nvd

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.003
Percentile: 69.8%

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Affected configurations

Nvd

Node | Range
newtonsoft json.net | <13.0.1

Vendor | Product | Version | CPE
newtonsoft | json.net | * | cpe:2.3:a:newtonsoft:json.net:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "collectionURL": "https://nuget.org/packages",
    "defaultStatus": "unaffected",
    "packageName": "Newtonsoft.Json",
    "versions": [
      {
        "lessThan": "13.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver 2.0.0"
      }
    ]
  }
]
