CVE-2021-23900

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-23900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23900
Aliases
Published
2021-01-13T16:15:14.490Z
Modified
2026-04-11T13:53:54.334591Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

References

Affected packages

Git / github.com/owasp/json-sanitizer

Affected ranges

Type
GIT
Repo
https://github.com/owasp/json-sanitizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c999c7f93096f927273c87bf439d7a992e3a39dc
Fixed
a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.2"
        }
    ]
}

Affected versions

json-sanitizer-1.*
json-sanitizer-1.0
json-sanitizer-1.1
v1.*
v1.2.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23900.json"
vanir_signatures_modified 
"2026-04-11T13:53:54Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/owasp/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "323372626607349166269134064051460937550",
                "281540624948202154016147908277489889112",
                "10422161611163388661781270418470123039",
                "293625421098164197743335124240358941919",
                "50888934875141958073919872945025375517",
                "156345042501500560997947285871748547822",
                "190614891019192016033089170304439273891",
                "206108665404963412418727983737632459797",
                "311264598422190495706136753924968620857"
            ]
        },
        "id": "CVE-2021-23900-64d45075",
        "deprecated": false,
        "target": {
            "file": "src/test/java/com/google/json/JsonSanitizerTest.java"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/owasp/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e",
        "digest": {
            "function_hash": "105576089061181633384202976764767995078",
            "length": 857.0
        },
        "id": "CVE-2021-23900-6ec1aa4c",
        "deprecated": false,
        "target": {
            "file": "src/test/java/com/google/json/FuzzyTest.java",
            "function": "testSanitizerLikesFuzzyWuzzyInputs"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/owasp/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "186860049387706252174710437488261035074",
                "118898535682368993706272517936523330768",
                "77754662574044532338395744154173700562",
                "145565775578802715228502711527023464545",
                "282013172137993518429794730838349675663",
                "31819421180844700569333099366287102771",
                "12372445699804039305383296177418473916"
            ]
        },
        "id": "CVE-2021-23900-f59aed4b",
        "deprecated": false,
        "target": {
            "file": "src/test/java/com/google/json/FuzzyTest.java"
        }
    }
]