
14 matches found

OSV
added 2023/12/22 11:6 a.m. | 6 views

OESA-2023-1965 jettison security update

Jettison is a collection of Java APIs like StAX and DOM which read and write JSON. This allows nearly transparent enablement of JSON-based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: Those using Jettison to parse untrusted XML or JSON...

CVSS 7.5 | AI score 8.1 | EPSS 0.01395
Exploits 3 | References 6
BDU FSTEC
added 2023/11/23 12:0 a.m. | 5 views

The vulnerability of the Java library for converting objects from XML to JSON format, Jettison, is related to an uncontrolled recursion. This allows a hacker to trigger a service failure.

The vulnerability of the Java library for converting objects from XML to JSON format, Jettison, is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 5.9 | AI score 6.4 | EPSS 0.01009
Exploits 1 | References 4 | Affected Software 1
Ubuntu
added 2023/06/19 11:39 a.m. | 64 views

USN-6177-1: Jettison vulnerabilities

It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.01395
Exploits 2
RedHat Linux
added 2023/06/19 10:15 a.m. | 6 views

jettison: Uncontrolled Recursion in JSONArray

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...

CVSS 7.5 | AI score 7 | EPSS 0.01009
Exploits 1 | References 5
CNNVD
added 2023/06/14 12:0 a.m. | 6 views

Jettison buffer error vulnerability

Jettison is an open-source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Jettison 3.3 and earlier versions contain a security vulnerability that stems from allowing an attacker to cause a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.01175
Exploits 1 | References 4
OSV
added 2023/03/22 6:15 a.m. | 5 views

UBUNTU-CVE-2023-1436

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

CVSS 7.5 | AI score 6.6 | EPSS 0.01009
Exploits 1 | References 4
vulnersOsv
added 2022/12/13 3:30 p.m. | 6 views

ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +9241 more potentially affected by CVE-2022-45693 via org.codehaus.jettison:jettison (>=1.0 <=1.5.1)

org.codehaus.jettison:jettison MAVEN version =1.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-45693 Source advisory: OSV:GHSA-GRR4-WV38-F68W...

CVSS 7.5 | AI score 6.5 | EPSS 0.01395
Exploits 1
vulnersOsv
added 2022/12/13 3:30 p.m. | 5 views

ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +9241 more potentially affected by CVE-2022-45685 via org.codehaus.jettison:jettison (>=1.0 <=1.5.1)

org.codehaus.jettison:jettison MAVEN version =1.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-45685 Source advisory: OSV:GHSA-7RF3-MQPX-H7XG...

CVSS 7.5 | AI score 7.1 | EPSS 0.01395
Exploits 1
OSV
added 2022/12/13 3:15 p.m. | 2 views

DEBIAN-CVE-2022-45685

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data...

CVSS 7.5 | AI score 7.8 | EPSS 0.01395
Exploits 1 | References 1
OSV
added 2022/12/13 3:15 p.m. | 2 views

UBUNTU-CVE-2022-45693

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string...

CVSS 7.5 | AI score 6.8 | EPSS 0.01395
Exploits 1 | References 4
CNNVD
added 2022/12/13 12:0 a.m. | 1 view

Jettison buffer error vulnerability

Jettison is an open-source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Versions of Jettison before v1.5.2 contain a security vulnerability that stems from the inclusion of a stack overflow through the map...

CVSS 7.5 | AI score 7 | EPSS 0.01395
Exploits 1 | References 17
vulnersOsv
added 2022/09/17 12:0 a.m. | 10 views

ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +9241 more potentially affected by CVE-2022-40150 via org.codehaus.jettison:jettison (>=1.0 <=1.5.1)

org.codehaus.jettison:jettison MAVEN version =1.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-40150 Source advisory: OSV:GHSA-X27M-9W8J-5VCW...

CVSS 7.5 | AI score 6.8 | EPSS 0.01256
Exploits 0
OSV
added 2022/09/17 12:0 a.m. | 1 view

GHSA-56H3-78GP-V83R Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack...

CVSS 6.5 | AI score 6.7 | EPSS 0.01287
Exploits 0 | References 8
CNNVD
added 2022/09/16 12:0 a.m. | 2 views

Jettison resource management error vulnerability

Jettison is an open-source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Jettison has a security vulnerability: parsing untrusted XML or JSON data may be vulnerable to denial of service...

CVSS 7.5 | AI score 6.9 | EPSS 0.01256
Exploits 0 | References 20