8 matches found
CVE-2018-18855
CVE-2018-18855 describes a denial-of-service in spray-json (Lightbend Spray) via an uncontrolled recursion in JsonParser during deep nesting. IBM’s bulletin ties this to IBM Cloud APM (Base Private 8.1.4 and Advanced Private 8.1.4). Root cause: JsonParser’s unbounded recursion allows resource exh...
net.virtual-void:json-lenses_2.9.3 (=0.5.4) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.9.3 (=1.2.5)
io.spray:spray-json2.9.3 MAVEN version =1.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.9.3 and may be impacted: - net.virtual-void:json-lenses2.9.3 =0.5.4 Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...
com.pauldijou:jwt-spray-json_2.13.0-M5 (>=2.1.0 <=3.0.0), org.typelevel:jawn-spray_2.13.0-M5 (=0.14.0) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.13.0-M5 (=1.3.4)
io.spray:spray-json2.13.0-M5 MAVEN version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.13.0-M5 and may be impacted: - com.pauldijou:jwt-spray-json2.13.0-M5 =2.1.0, =3.0.0 - org.typelevel:jawn-spray2.13.0-M5 =0.14.0 Sourc...
com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M5 (=2.4.8) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-M5 (=1.3.2)
io.spray:spray-json2.12.0-M5 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.12.0-M5 and may be impacted: - com.typesafe.akka:akka-http-spray-json-experimental2.12.0-M5 =2.4.8 Source cves: CVE-2018-18855 Source...
com.storm-enroute:scalameter_2.12.0-RC1 (>=0.8 <=0.8.1), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC1 (>=2.4.10 <=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC1 (=1.3.2)
io.spray:spray-json2.12.0-RC1 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.12.0-RC1 and may be impacted: - com.storm-enroute:scalameter2.12.0-RC1 =0.8, =2.4.10, =2.4.11 - org.spire-math:jawn-spray2.12.0-RC1...
io.lemonlabs:scala-uri_2.13.0-M4 (>=1.3.0 <=1.4.5) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.13.0-M4 (=1.3.4)
io.spray:spray-json2.13.0-M4 MAVEN version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json2.13.0-M4 and may be impacted: - io.lemonlabs:scala-uri2.13.0-M4 =1.3.0, =1.4.5 Source cves: CVE-2018-18855 Source advisory:...
ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)
io.spray:spray-json2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), be.cetic:rts-gen_2.12 (>=0.1.3 <=0.1.13) +382 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12 (>=1.3.2 <=1.3.4)
io.spray:spray-json2.12 MAVEN version =1.3.2, =0.3.0, =0.1.3, =0.1.14, =0.11.1, =0.15.2, =0.2.0, =0.0.82.12, =1.23.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0-RC8 - com.chudsaviet.gradle.avrohugger:com.chudsaviet.gradle.avrohugger.gradle.plugin =0.2.4 - com.cra.figaro:figaro2.12 =5.0.0.0 and more Source...