Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to JSON-Java

Summary IBM webMethods BPM uses JSON-Java for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar

Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...

EUVD-2022-7491

Malicious code in bioql PyPI...

CVE-2022-45689

hutool-json v5.8.10 was discovered to contain an out of memory error...

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

CVE-2022-45690

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

SUSE CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS...

hutool-json Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

The vulnerability in the `org.json.JSONTokener.nextValue::JSONTokener.java` component of the file and network operations handling library hutool-json, which allows a attacker to cause a service failure.

The vulnerability in the org.json.JSONTokener.nextValue::JSONTokener.java component of the file and network operations library hutool-json is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the XML.toJSONObject component in the file and network operations library hutool-json allows a attacker to cause a service failure.

The vulnerability of the XML.toJSONObject component in the library for file processing and network operations in hutool-json is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the library for processing files and network operations, hutool-json, is related to writing beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.

The vulnerability of the hutool-json library for file processing and network operations is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42276 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42276 Source advisory: OSV:GHSA-RXGF-R843-G53H...

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42278 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42278 Source advisory: OSV:GHSA-RR66-QH5M-W6MX...

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +439 more potentially affected by CVE-2023-42277 via cn.hutool:hutool-json (>=4.0.0 <=5.8.21)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2023-42277 Source advisory: OSV:GHSA-7P8C-CRFR-Q93P...

CVE-2022-45688 -A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data. Products Confirmed Not Affected No Brocade Fibre Channel Product from Broadcom Products is known to be affected by this vulnerability...

Denial Of Service (DoS)

hutool-json and json are vulnerable to Denial Of Service DoS. The vulnerability exists due to a stack-based overflow in the library which allows an attacker to cause an application crash via malicious JSON or XML data...

Denial Of Service (DoS)

hutool-json is vulnerable to denial of service. The vulnerability exists due to an out-of-memory error which allows an attacker to cause an application crash via malicious input...

club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +263 more potentially affected by CVE-2022-45690 via cn.hutool:hutool-json (>=4.0.0 <=5.8.10)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =2.0.1.B, =2.0.1.B, =2.0.1.B, =1.0.1, =1.0.3 and more Source cves: CVE-2022-45690 Source advisory: OSV:GHSA-WHGH-G24C-3J5Q...

cc.zhaoac:faith-permission (=1.1.0), cc.zhaoac:faith-tool-boot (=1.1.0) +517 more potentially affected by CVE-2022-45688 via cn.hutool:hutool-json (>=4.0.0 <=5.8.24)

cn.hutool:hutool-json MAVEN version =4.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.3, =2.0.5, =3.0.2 and more Source cves: CVE-2022-45688 Source advisory: OSV:GHSA-3VQJ-43W4-2Q58...