17 matches found
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart
Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID: CVE-2023-1370 DESCRIPTION: Json-smart is a performance focused, JSON processor lib. When reaching a '[' or '{' character in the JSON...
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center
This High severity DoS (Denial of Service) vulnerability was introduced in versions 10.3.0 and 11.3.0 of Jira Service Management Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticat...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-smart (CVE-2024-57699)
Summary The Transformation Advisor tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-smart. Vulnerability Details CVEID: CVE-2024-57699 DESCRIPTION: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input,...
Denial Of Service (DoS)
net.minidev, json-smart is vulnerable to Denial of Service (DoS). The vulnerability is due to loading a specially crafted JSON input with a large number of '{', which allows an attacker to trigger a Denial of Service (DoS) attack...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.120.0), ai.bizone:json-transform (>=1.0.0 <=1.16.0) +5163 more potentially affected by CVE-2023-1370 +1 more via net.minidev:json-smart (>=2.5.0 <=2.5.1)
net.minidev:json-smart MAVEN version =2.5.0, =0.1.1, =1.0.0, =0.6.0, =0.5.0, =0.7.0, =3.10.0.5, =0.5.0, =1.5.3.RELEASE, =1.5.4.RELEASE, =1.5.4.RELEASE, =2.0.0, =1.3.3, =0.25.7-rc.1, =0.25.7-rc.74 and more Source cves: CVE-2023-1370, CVE-2024-57699 Source advisory: SNYK:JAVA-NETMINIDEV-8689573...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.120.0), ai.bizone:json-transform (>=1.0.0 <=1.16.0) +5163 more potentially affected by CVE-2023-1370 +1 more via net.minidev:json-smart (>=2.5.0 <=2.5.1)
net.minidev:json-smart MAVEN version =2.5.0, =0.1.1, =1.0.0, =0.6.0, =0.5.0, =0.7.0, =3.10.0.5, =0.5.0, =1.5.3.RELEASE, =1.5.4.RELEASE, =1.5.4.RELEASE, =2.0.0, =1.3.3, =0.25.7-rc.1, =0.25.7-rc.74 and more Source cves: CVE-2023-1370, CVE-2024-57699 Source advisory: OSV:GHSA-PQ2G-WX69-C263...
PT-2025-5776 · Unknown +2 · Netplex Json-Smart +4
Name of the Vulnerable Software and Affected Versions: Netplex Json-smart versions 2.5.0 through 2.5.1 Confluence Data Center and Server versions prior to 8.5.22 Confluence Data Center and Server versions prior to 9.2.4 Confluence Data Center and Server versions prior to 9.4.1 Bamboo Data Center...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.1 release security update
Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A security update for Camel K 1.10.1 is now...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
GHSA-493P-PFQ6-5258 json-smart Uncontrolled Recursion vulnerability
Impact: Affected versions of net.minidev:json-smart are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered tha...
CVE-2023-1370 Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON
Json-smart is a performance focused, JSON processor lib. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...
ai.apiverse:apipulse (=1.0.1), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +4490 more potentially affected by CVE-2021-31684 via net.minidev:json-smart (>=2.4.1 <=2.4.2)
net.minidev:json-smart MAVEN version =2.4.1, =1.0.6, =1.0.6, =0.13.0, =0.26.0, =0.26.0, =0.0.10, =0.0.6, =0.2.7, =0.2.7, =0.6.1.2, =0.6.6 - au.net.causal.shoelaces:shoelaces-selenium =3.0 - au.net.causal.shoelaces:shoelaces-testing =3.0 and more Source cves: CVE-2021-31684 Source advisory:...
json-smart: uncaught exception may lead to crash or information disclosure
A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...
ai.tock:bot-test (>=20.9.3 <=21.9.2), ai.tock:bot-test-base (>=20.9.3 <=21.9.2) +1415 more potentially affected by CVE-2021-27568 via net.minidev:json-smart (>=1.0.6.3 <=1.3.1)
net.minidev:json-smart MAVEN version =1.0.6.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =0.0.13, =1.13.3, =1.15.0 - bio.ferlab:datalake-spark302.12 =0.2.39 and more Source cves: CVE-2021-27568 Source advisory: OSV:GHSA-V528-7HRM-F...
Github json-smart-v1 buffer error vulnerability
Github json-smart-v1 is a Github open source application. Provides all non-indexed data in the data store as serialized JSON messages stored in the columns function. A security vulnerability exists in JSON Smart versions 1.3 and 2.4, which originates in the indexOf function of JSONParserByteArr...