36 matches found
EUVD-2018-0748
Malware in sbrugna...
Denial Of Service (DoS)
spray-json is vulnerable to denial of service. The vulnerability exists due to the uncontrolled recursion used in the JsonParser in the parseJsValue function of JsonParser.scala, allowing an attacker to crash the application by providing a deeply nested JSON object...
net.virtual-void:json-lenses_2.9.3 (=0.5.4) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.9.3 (=1.2.5)
io.spray:spray-json_2.9.3 MAVEN version =1.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.9.3 and may be impacted: - net.virtual-void:json-lenses_2.9.3 =0.5.4 Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...
com.storm-enroute:scalameter_2.13.0-M3 (>=0.14 <=0.18) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.13.0-M2 (=1.3.4)
io.spray:spray-json_2.13.0-M2 MAVEN version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.13.0-M2 and may be impacted: - com.storm-enroute:scalameter_2.13.0-M3 >=0.14, <=0.18 Source cves: CVE-2018-18855 Source advisory:...
io.lemonlabs:scala-uri_2.13.0-M4 (>=1.3.0 <=1.4.5) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.13.0-M4 (=1.3.4)
io.spray:spray-json_2.13.0-M4 MAVEN version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.13.0-M4 and may be impacted: - io.lemonlabs:scala-uri_2.13.0-M4 >=1.3.0, <=1.4.5 Source cves: CVE-2018-18855 Source advisory:...
com.storm-enroute:scalameter_2.12.0-RC1 (>=0.8 <=0.8.1), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC1 (>=2.4.10 <=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC1 (=1.3.2)
io.spray:spray-json_2.12.0-RC1 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-RC1 and may be impacted: - com.storm-enroute:scalameter_2.12.0-RC1 >=0.8, <=0.8.1 - com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC1 >=2.4.10, <=2.4.11 - org.spire-math:jawn-spray_2.12.0-RC1...
com.github.fommil:spray-json-shapeless_2.12.0-RC2 (=1.3.0), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC2 (=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC2 (=1.3.2)
io.spray:spray-json_2.12.0-RC2 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-RC2 and may be impacted: - com.github.fommil:spray-json-shapeless_2.12.0-RC2 =1.3.0 -...
ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)
io.spray:spray-json_2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), be.cetic:rts-gen_2.12 (>=0.1.3 <=0.1.13) +382 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12 (>=1.3.2 <=1.3.4)
io.spray:spray-json_2.12 MAVEN version =1.3.2, =0.3.0, =0.1.3, =0.1.14, =0.11.1, =0.15.2, =0.2.0, =0.0.82.12, =1.23.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0-RC8 - com.chudsaviet.gradle.avrohugger:com.chudsaviet.gradle.avrohugger.gradle.plugin =0.2.4 - com.cra.figaro:figaro_2.12 =5.0.0.0 and more Source...
co.actioniq:scalavro-core_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0), co.actioniq:scalavro_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0) +210 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.10 (>=1.2.5 <=1.3.4)
io.spray:spray-json_2.10 MAVEN version =1.2.5, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.3 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...
com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M3 (>=2.4.2 <=2.4.3) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-M3 (=1.3.2)
io.spray:spray-json_2.12.0-M3 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-M3 and may be impacted: - com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M3 >=2.4.2, <=2.4.3 Source cves: CVE-2018-1885...
com.pauldijou:jwt-spray-json_2.13.0-M5 (>=2.1.0 <=3.0.0), org.typelevel:jawn-spray_2.13.0-M5 (=0.14.0) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.13.0-M5 (=1.3.4)
io.spray:spray-json_2.13.0-M5 MAVEN version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.13.0-M5 and may be impacted: - com.pauldijou:jwt-spray-json_2.13.0-M5 >=2.1.0, <=3.0.0 - org.typelevel:jawn-spray_2.13.0-M5 =0.14.0 Sourc...
Uncontrolled Resource Consumption in Spray JSON
Recursive descent parsers are susceptible to StackOverflowExceptions on too deeply nested structures as currently "open" parsing state is kept on the stack...
com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M5 (=2.4.8) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-M5 (=1.3.2)
io.spray:spray-json_2.12.0-M5 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-M5 and may be impacted: - com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-M5 =2.4.8 Source cves: CVE-2018-18855 Source...
com.github.tminglei:slick-pg_spray-json_2.11 (=0.6.0-M1) potentially affected by CVE-2018-18855 via io.spray:spray-json_2.11.0-RC4 (=1.2.6)
io.spray:spray-json_2.11.0-RC4 MAVEN version =1.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.11.0-RC4 and may be impacted: - com.github.tminglei:slick-pg_spray-json_2.11 =0.6.0-M1 Source cves: CVE-2018-18855 Source advisory:...
co.actioniq:scalavro-core_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0), co.actioniq:scalavro_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0) +210 more potentially affected by CVE-2018-18853 via io.spray:spray-json_2.10 (>=1.2.5 <=1.3.4)
io.spray:spray-json_2.10 MAVEN version =1.2.5, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.3 and more Source cves: CVE-2018-18853 Source advisory: OSV:GHSA-F94M-MQHR-MC29...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), be.cetic:rts-gen_2.12 (>=0.1.3 <=0.1.13) +382 more potentially affected by CVE-2018-18853 via io.spray:spray-json_2.12 (>=1.3.2 <=1.3.4)
io.spray:spray-json_2.12 MAVEN version =1.3.2, =0.3.0, =0.1.3, =0.1.14, =0.11.1, =0.15.2, =0.2.0, =0.0.82.12, =1.23.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0-RC8 - com.chudsaviet.gradle.avrohugger:com.chudsaviet.gradle.avrohugger.gradle.plugin =0.2.4 - com.cra.figaro:figaro_2.12 =5.0.0.0 and more Source...
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...
ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18853 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)
io.spray:spray-json_2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18853 Source advisory: OSV:GHSA-F94M-MQHR-MC29...
GHSA-F94M-MQHR-MC29 Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...