Lucene search

[email protected]NVD:CVE-2021-23900

HistoryJan 13, 2021 - 4:15 p.m.

CVE-2021-23900

2021-01-1316:15:14

[email protected]

web.nvd.nist.gov

owasp

json-sanitizer

vulnerability

denial of service

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.5%

JSON

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Affected configurations

Nvd

Node

owaspjson-sanitizerRange<1.2.2

VendorProductVersionCPE
owaspjson-sanitizer*cpe:2.3:a:owasp:json-sanitizer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
owasp	json-sanitizer	*	cpe:2.3:a:owasp:json-sanitizer::::::::

References

github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.5%

JSON

Related for NVD:CVE-2021-23900

osv2 veracode1 cvelist1 cve1 github1 prion1