19 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-21653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are...
org.typelevel:jawn-ast_3.0.0-M1 (>=1.0.1 <=1.0.2), org.typelevel:jawn-json4s_3.0.0-M1 (>=1.0.1 <=1.0.2) +3 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-M1 (>=1.0.1 <=1.0.2)
org.typelevel:jawn-parser_3.0.0-M1 MAVEN version =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2 Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
com.github.ghostdogpr:caliban-client_3.0.0-RC3 (=0.10.0), com.github.ghostdogpr:caliban-zio-http_3.0.0-RC3 (=0.10.0) +9 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-RC3 (=1.1.2)
org.typelevel:jawn-parser_3.0.0-RC3 MAVEN version =1.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.typelevel:jawn-parser_3.0.0-RC3 and may be impacted: - com.github.ghostdogpr:caliban-client_3.0.0-RC3 =0.10.0 -...
ai.eto:rikai_2.13 (>=0.0.14 <=0.1.7), ai.mantik:bridge-protocol_2.13 (>=0.4.0 <=0.4.0-rc1) +1326 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_2.13 (>=0.14.2 <=1.3.1)
org.typelevel:jawn-parser_2.13 MAVEN version =0.14.2, =0.0.14, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
org.typelevel:jawn-ast_0.25 (=1.0.0), org.typelevel:jawn-util_0.25 (=1.0.0) potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_0.25 (=1.0.0)
org.typelevel:jawn-parser_0.25 MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.typelevel:jawn-parser_0.25 and may be impacted: - org.typelevel:jawn-ast_0.25 =1.0.0 - org.typelevel:jawn-util_0.25 =1.0.0 Source cves: CVE-2022-21653...
ai.eto:rikai_2.12 (>=0.0.3 <=0.1.7), ai.mantik:bridge-protocol_2.12 (>=0.3.0 <=0.3.1-rc2) +1278 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_2.12 (>=0.14.0 <=1.3.1)
org.typelevel:jawn-parser_2.12 MAVEN version =0.14.0, =0.0.3, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.0, =0.3.1-rc2 and more Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
ch.acmesoftware:arangodb-scala-driver-circe_2.11 (=0.3.0), com.47deg:github4s-cats-effect_2.11 (=0.20.0) +322 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_2.11 (>=0.14.0 <=0.14.3)
org.typelevel:jawn-parser_2.11 MAVEN version =0.14.0, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =0.4.0, =5.0.0, =4.2.0-RC1, =4.2.0-RC1, =4.4.0-RC2 and more Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
org.typelevel:jawn-ast_2.11 (>=1.0.0-RC1 <=1.0.0-RC2), org.typelevel:jawn-json4s_2.11 (>=1.0.0-RC1 <=1.0.0-RC2) +3 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_2.11 (>=1.0.0-RC1 <=1.0.0-RC2)
org.typelevel:jawn-parser_2.11 MAVEN version =1.0.0-RC1, =1.0.0-RC1, =1.0.0-RC1, =1.0.0-RC1, =1.0.0-RC1, =1.0.0-RC1, =1.0.0-RC2 Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
GHSA-VC89-HCCF-RQ55 Hash collision in typelevel jawn
Impact Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are vulnerable to a hash collision attack. Most applications do not implement these traits directly, but inherit from a library: Affected implementations include: org.http...
org.typelevel:jawn-ast_0.27 (>=1.0.0 <=1.0.2), org.typelevel:jawn-json4s_0.27 (>=1.0.1 <=1.0.2) +3 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_0.27 (>=1.0.0 <=1.0.2)
org.typelevel:jawn-parser_0.27 MAVEN version =1.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
au.id.tmm.fetch:fetch-aws-dynamodb_3 (>=0.7.0 <=0.9.2), au.id.tmm.fetch:fetch-aws-textract_3 (>=0.2.0 <=0.9.2) +331 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3 (>=1.1.2 <=1.3.1)
org.typelevel:jawn-parser_3 MAVEN version =1.1.2, =0.7.0, =0.2.0, =0.7.0, =0.2.0, =0.2.0, =0.29.0, =0.0.1, =0.0.1, =0.0-08b8c90, =0.0-08b8c90, =0.0-08b8c90, =0.1-f497734 and more Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
io.circe:circe-jawn_3.0.0-M3 (>=0.14.0-M2 <=0.14.0-M3), io.circe:circe-parser_3.0.0-M3 (>=0.14.0-M2 <=0.14.0-M3) +10 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-M3 (>=1.0.3 <=1.1.0)
org.typelevel:jawn-parser_3.0.0-M3 MAVEN version =1.0.3, =0.14.0-M2, =0.14.0-M2, =1.0.1, =1.0.3, =2.0.0, =1.0.3, =1.1.0 - tech.bilal:akka-http-client-circe_3.0.0-M3 =0.0.3-beta - tech.bilal:akka-http-jwt-auth_3.0.0-M3 =0.0.3-beta - tech.bilal:akka-http-oidc-client_3.0.0-M3 =0.0.3-beta Source cves:...
org.http4s:jawn-fs2_3.0.0-M2 (>=1.0.1 <=1.0.1-RC3), org.typelevel:jawn-ast_3.0.0-M2 (>=1.0.2 <=1.0.3) +5 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-M2 (>=1.0.2 <=1.0.3)
org.typelevel:jawn-parser_3.0.0-M2 MAVEN version =1.0.2, =1.0.1, =1.0.2, =2.0.0-RC1, =1.0.2, =1.0.2, =1.0.2, =1.0.2, =1.0.3 Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
Hash collision in typelevel jawn
Impact Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are vulnerable to a hash collision attack. Most applications do not implement these traits directly, but inherit from a library: Affected implementations include: org.http...
com.softwaremill.sttp.client3:circe_3.0.0-RC2 (>=3.3.0-RC1 <=3.3.0-RC5), io.circe:circe-jawn_3.0.0-RC2 (=0.14.0-M5) +15 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-RC2 (>=1.1.1 <=1.1.2)
org.typelevel:jawn-parser_3.0.0-RC2 MAVEN version =1.1.1, =3.3.0-RC1, =0.9.2, =0.9.2, =0.10.0, =0.22.0-M7, =0.22.0-M7, =1.1.1, =0.0.26, =1.1.1, =1.1.1, =1.1.2 - tech.bilal:akka-http-client-circe_3.0.0-RC2 =0.0.5-beta and more Source cves: CVE-2022-21653 Source advisory: OSV:GHSA-VC89-HCCF-RQ55...
com.softwaremill.sttp.client3:circe_3.0.0-RC1 (>=3.1.5 <=3.2.3), io.circe:circe-jawn_3.0.0-RC1 (=0.14.0-M4) +14 more potentially affected by CVE-2022-21653 via org.typelevel:jawn-parser_3.0.0-RC1 (>=1.1.0 <=1.1.1)
org.typelevel:jawn-parser_3.0.0-RC1 MAVEN version =1.1.0, =3.1.5, =0.22.0-M4, =0.22.0-M4, =0.22.0-M4, =1.1.0, =1.1.0, =2.0.0, =1.1.0, =1.1.1 - tech.bilal:akka-http-client-circe_3.0.0-RC1 =0.0.4-beta - tech.bilal:akka-http-jwt-auth_3.0.0-RC1 =0.0.4-beta and more Source cves: CVE-2022-21653 Source...
CVE-2022-21653
Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, b...
Code injection
Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, b...
CVE-2022-21653 Hash collision in typelevel jawn
Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, b...