CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 18.7%

org.codehaus.jettison:jettison is vulnerable to Denial of Service (DoS). The vulnerability is due to an infinite loop when constructing a JSONArray from a Collection that contains a self-reference in one of its elements, which leads to a StackOverflowError exception, resulting in an application crash.
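
As a mitigation sketch for code that cannot upgrade immediately, the following added example (not jettison's code and not taken from the fix commit) rejects a Collection that contains itself before it is passed to a recursive JSON builder. The class `CycleGuard`, the method `isUnsafe` and the depth limit of 64 are assumptions made for this example.

```java
import java.util.*;

// Hypothetical helper (not part of jettison): rejects container graphs that
// reference themselves before they are handed to a recursive JSON builder.
public final class CycleGuard {
    private static final int MAX_DEPTH = 64; // assumed nesting limit for this example

    /** True if the Collections/Maps reachable from root form a cycle or nest too deep. */
    public static boolean isUnsafe(Object root) {
        // Identity-based set: calling hashCode() on a self-containing list would itself overflow the stack.
        Set<Object> path = Collections.newSetFromMap(new IdentityHashMap<>());
        return walk(root, path, 0);
    }

    private static boolean walk(Object node, Set<Object> path, int depth) {
        Iterable<?> children;
        if (node instanceof Collection) {
            children = (Collection<?>) node;
        } else if (node instanceof Map) {
            children = ((Map<?, ?>) node).values();
        } else {
            return false; // scalars and other objects end the recursion
        }
        if (depth >= MAX_DEPTH || !path.add(node)) {
            return true; // too deep, or node is already on the current path: a cycle
        }
        for (Object child : children) {
            if (walk(child, path, depth + 1)) {
                return true;
            }
        }
        path.remove(node); // leaving this branch; shared but non-cyclic references stay legal
        return false;
    }

    public static void main(String[] args) {
        List<Object> ok = new ArrayList<>(List.of("a", List.of(1, 2)));
        List<Object> selfRef = new ArrayList<>();
        selfRef.add("a");
        selfRef.add(selfRef); // constructed sample: the list contains itself
        System.out.println("ok unsafe?      " + isUnsafe(ok));
        System.out.println("selfRef unsafe? " + isUnsafe(selfRef));
    }
}
```

Call the check on any externally influenced collection and refuse to serialize it when it returns true.
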
CPE

| Name | Operator | Version |
|---|---|---|
| jettison | le | 1.5.3 |
| libjettison-java:sid | eq | 1.4.1-1 |
| libjettison-java:sid | eq | 1.4.0-1 |

github.com/advisories/GHSA-q6g2-g7f3-rr83
github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f
github.com/jettison-json/jettison/issues/60
github.com/jettison-json/jettison/pull/62
github.com/jettison-json/jettison/releases/tag/jettison-1.5.4
research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/