172 matches found
UBUNTU-CVE-2023-1370
Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...
netplex json-smart 安全漏洞
netplex json-smart is an open source JSON Java parser. A security vulnerability exists in netplex json-smart, which stems from code that does not have any restrictions on the nesting of arrays or objects that arrive in JSON input, and the parsing of nested arrays and objects is done recursively,...
CVE-2023-1370 Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON
Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...
CVE-2023-1370 Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON
Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...
CVE-2023-1370
Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...
CVE-2023-1370
The CVE-2023-1370 entry concerns Netplex Json-smart, a JSON processing library. Public materials in the connected docs confirm a stack-exhaustion (DoS) due to unbounded nesting when parsing nested arrays/objects in JSON input, caused by recursive parsing. Affected version range is 2.5.0 through 2...
PT-2023-4904 · Unknown +4 · Json Smart +5
Name of the Vulnerable Software and Affected Versions: Json-smart versions 2.5.0 through 2.5.1 Description: The issue is related to uncontrolled recursion in the Json-smart library. When the library encounters a '' or '' character in the JSON input, it parses an object or array respectively...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Apache Commons is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2022-42889. Connect2id Nimbus JOSE+JWT is used by IBM Robotic Process Automation as part of the...
json-smart: Denial of Service in JSONParserByteArray function
A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update
A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
CVE-2021-31684
A flaw was found in the json-smart package in the JSONParserByteArray. This flaw allows an attacker to cause a denial of service...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.1.7 FP5. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.2.2. The following 3rd party components are used by IBM Cognos Analytics: Apache Axis is a Java based Web Services engine f...
The vulnerability of the json-smart-v1 and json-smart-v2 libraries, which stems from insufficient checking of unusual or exceptional states, allows attackers to trigger an emergency shutdown of the application or disclose protected information.
The vulnerability of the json-smart-v1 and json-smart-v2 libraries is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause an application to terminate abnormally or expose protected information...
ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc_2.11 (>=1.13.3 <=1.15.0) +728 more potentially affected by CVE-2021-31684 via net.minidev:json-smart (>=1.3.1 <=1.3.2)
net.minidev:json-smart MAVEN version =1.3.1, =0.0.13, =1.13.3, =5.1.15, =5.1.17.50-beta - com.aliyun.hbase:alihbase-assembly =2.0.2 - com.aliyun.hbase:alihbase-endpoint =2.0.2 - com.aliyun.hbase:alihbase-examples =2.0.2 - com.aliyun.hbase:alihbase-external-blockcache =2.0.2 -...
ai.apiverse:apipulse (=1.0.1), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +4521 more potentially affected by CVE-2021-31684 via net.minidev:json-smart (>=2.4.1 <=2.4.2)
net.minidev:json-smart MAVEN version =2.4.1, =1.0.6, =1.0.6, =0.13.0, =0.26.0, =0.26.0, =0.0.10, =0.0.6, =0.2.7, =0.2.7, =0.6.1.2, =0.6.6 - au.net.causal.shoelaces:shoelaces-selenium =3.0 - au.net.causal.shoelaces:shoelaces-testing =3.0 and more Source cves: CVE-2021-31684 Source advisory:...
GHSA-FG2V-W576-W4V3 Out of bounds read in json-smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...
Out of bounds read in json-smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service DOS via a crafted web request...
json-smart: uncaught exception may lead to crash or information disclosure
A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vulnerability is to data confidentiality and system availability. In OpenShift Container Platform...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update
A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update
A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...