Lucene search
+L

172 matches found

OSV
OSV
added 2023/03/22 6:15 a.m.4 views

UBUNTU-CVE-2023-1370

Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...

7.5CVSS6.8AI score0.01119EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.3 views

netplex json-smart 安全漏洞

netplex json-smart is an open source JSON Java parser. A security vulnerability exists in netplex json-smart, which stems from code that does not have any restrictions on the nesting of arrays or objects that arrive in JSON input, and the parsing of nested arrays and objects is done recursively,...

7.5CVSS6.6AI score0.01119EPSS
Exploits1References20
Vulnrichment
Vulnrichment
added 2023/03/13 9:4 a.m.13 views

CVE-2023-1370 Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON

Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...

7.5CVSS7.7AI score0.01119EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/13 9:4 a.m.32 views

CVE-2023-1370 Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON

Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...

7.5CVSS7.8AI score0.01119EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/03/13 9:4 a.m.73 views

CVE-2023-1370

Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...

7.5CVSS6.6AI score0.01119EPSS
Exploits1
CVE
CVE
added 2023/03/13 9:4 a.m.1060 views

CVE-2023-1370

The CVE-2023-1370 entry concerns Netplex Json-smart, a JSON processing library. Public materials in the connected docs confirm a stack-exhaustion (DoS) due to unbounded nesting when parsing nested arrays/objects in JSON input, caused by recursive parsing. Affected version range is 2.5.0 through 2...

7.5CVSS7.8AI score0.01119EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.4 views

PT-2023-4904 · Unknown +4 · Json Smart +5

Name of the Vulnerable Software and Affected Versions: Json-smart versions 2.5.0 through 2.5.1 Description: The issue is related to uncontrolled recursion in the Json-smart library. When the library encounters a '' or '' character in the JSON input, it parses an object or array respectively...

7.8CVSS6.1AI score0.023EPSS
Exploits2References50
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 9:23 p.m.70 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...

6.8CVSS9.9AI score0.99931EPSS
Exploits57Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/28 2:39 p.m.6 views

json-smart: Denial of Service in JSONParserByteArray function

A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service...

7.5CVSS7.3AI score0.023EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/11/28 2:39 p.m.105 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update

A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

9.8CVSS7.1AI score0.99931EPSS
Exploits57References18
RedhatCVE
RedhatCVE
added 2022/06/30 1:35 p.m.41 views

CVE-2021-31684

A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service...

7.5CVSS4.6AI score0.023EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 3:20 p.m.317 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP5. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.2. The following 3rd party components are used by IBM Cognos Analytics: Apache Axis is a Java based Web Services engine f...

10CVSS0.6AI score0.44515EPSS
Exploits37Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/11 12:0 a.m.11 views

The vulnerability of the json-smart-v1 and json-smart-v2 libraries, which stems from insufficient checking of unusual or exceptional states, allows attackers to trigger an emergency shutdown of the application or disclose protected information.

The vulnerability of the json-smart-v1 and json-smart-v2 libraries is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause an application to terminate abnormally or expose protected information...

9.4CVSS6.6AI score0.02886EPSS
Exploits1References6Affected Software9
vulnersOsv
vulnersOsv
added 2022/02/10 10:46 p.m.12 views

ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc_2.11 (>=1.13.3 <=1.15.0) +728 more potentially affected by CVE-2021-31684 via net.minidev:json-smart (>=1.3.1 <=1.3.2)

net.minidev:json-smart MAVEN version =1.3.1, =0.0.13, =1.13.3, =5.1.15, =5.1.17.50-beta - com.aliyun.hbase:alihbase-assembly =2.0.2 - com.aliyun.hbase:alihbase-endpoint =2.0.2 - com.aliyun.hbase:alihbase-examples =2.0.2 - com.aliyun.hbase:alihbase-external-blockcache =2.0.2 -...

7.5CVSS6.7AI score0.023EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/10 10:46 p.m.5 views

ai.apiverse:apipulse (=1.0.1), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +4521 more potentially affected by CVE-2021-31684 via net.minidev:json-smart (>=2.4.1 <=2.4.2)

net.minidev:json-smart MAVEN version =2.4.1, =1.0.6, =1.0.6, =0.13.0, =0.26.0, =0.26.0, =0.0.10, =0.0.6, =0.2.7, =0.2.7, =0.6.1.2, =0.6.6 - au.net.causal.shoelaces:shoelaces-selenium =3.0 - au.net.causal.shoelaces:shoelaces-testing =3.0 and more Source cves: CVE-2021-31684 Source advisory:...

7.5CVSS6.7AI score0.023EPSS
Exploits1
OSV
OSV
added 2022/02/10 10:46 p.m.3 views

GHSA-FG2V-W576-W4V3 Out of bounds read in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...

7.5CVSS6.8AI score0.023EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2022/02/10 10:46 p.m.56 views

Out of bounds read in json-smart

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...

7.5CVSS4AI score0.023EPSS
Exploits1References10Affected Software1
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.7 views

json-smart: uncaught exception may lead to crash or information disclosure

A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...

5.9CVSS6.9AI score0.02886EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.103 views

Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update

A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

10CVSS7.1AI score0.99999EPSS
Exploits392References58
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.53 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update

A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...

9.9CVSS7.5AI score0.98124EPSS
Exploits27References35
Rows per page
Query Builder