Lucene search

K
githubGitHub Advisory DatabaseGHSA-3VQJ-43W4-2Q58
HistoryDec 13, 2022 - 3:30 p.m.

json stack overflow vulnerability

2022-12-1315:30:26
CWE-787
GitHub Advisory Database
github.com
24
software
vulnerability
json
hutool-json
org.json
denial of service
crafted data

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

Affected configurations

Vulners
Node
cn.hutoolhutool-jsonRange<5.8.25
OR
org.jsonjsonRange<20230227
VendorProductVersionCPE
cn.hutoolhutool-json*cpe:2.3:a:cn.hutool:hutool-json:*:*:*:*:*:*:*:*
org.jsonjson*cpe:2.3:a:org.json:json:*:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%