6 matches found
Input validation
In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...
CVE-2023-4043
CVE-2023-4043 affects Eclipse Parsson prior to 1.1.4 and 1.0.5. The root cause is a DoS in JSON number parsing when handling very large numbers, due to edge cases in the Java BigDecimal parsing path. The issue can be triggered by specially crafted input and can lead to much longer processing time...
GHSA-CRQG-JRPJ-FC84 Apache Johnzon Deserialization of Untrusted Data vulnerability
A malicious attacker can craft JSON input that uses large numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large, which may result in a slow conversion (denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a...
CVE-2023-33008
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft JSON input that uses large numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large, which may result ...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft JSON input that uses large numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large, which may result ...
CVE-2023-33008 Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft JSON input that uses large numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large, which may result ...