14 matches found
OESA-2023-1965 jettison security update
Jettison is a collection of Java APIs (like StAX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON-based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: Those using Jettison to parse untrusted XML or JSON...
The vulnerability in Jettison, a Java library for converting objects from XML to JSON format, is related to uncontrolled recursion. This allows an attacker to trigger a service failure.
The vulnerability in Jettison, a Java library for converting objects from XML to JSON format, is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
USN-6177-1: Jettison vulnerabilities
It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
jettison: Uncontrolled Recursion in JSONArray
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...
Jettison buffer error vulnerability
Jettison is an open-source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Jettison 3.3 and earlier versions contain a security vulnerability that allows an attacker to cause a denial of service...
UBUNTU-CVE-2023-1436
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...
ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +9241 more potentially affected by CVE-2022-45693 via org.codehaus.jettison:jettison (>=1.0 <=1.5.1)
org.codehaus.jettison:jettison MAVEN version =1.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-45693 Source advisory: OSV:GHSA-GRR4-WV38-F68W...
ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +9241 more potentially affected by CVE-2022-45685 via org.codehaus.jettison:jettison (>=1.0 <=1.5.1)
org.codehaus.jettison:jettison MAVEN version =1.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-45685 Source advisory: OSV:GHSA-7RF3-MQPX-H7XG...
DEBIAN-CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data...
UBUNTU-CVE-2022-45693
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string...
Jettison buffer error vulnerability
Jettison is an open-source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Versions of Jettison before v1.5.2 contain a security vulnerability that stems from a stack overflow through the map...
ae.teletronics.nlp:entityextraction (=1.3), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +9241 more potentially affected by CVE-2022-40150 via org.codehaus.jettison:jettison (>=1.0 <=1.5.1)
org.codehaus.jettison:jettison MAVEN version =1.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2022-40150 Source advisory: OSV:GHSA-X27M-9W8J-5VCW...
GHSA-56H3-78GP-V83R Jettison parser crash by stackoverflow
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack...
Jettison resource management error vulnerability
Jettison is an open-source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Jettison has a security vulnerability: those parsing untrusted XML or JSON data may be vulnerable to denial of service...