GHSA-3vqj-43w4-2q58

Suggest an improvement
Source
https://github.com/advisories/GHSA-3vqj-43w4-2q58
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-3vqj-43w4-2q58/GHSA-3vqj-43w4-2q58.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3vqj-43w4-2q58
Aliases
Published
2022-12-13T15:30:26Z
Modified
2024-04-15T20:32:09.965200Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
json stack overflow vulnerability
Details

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

References

Affected packages

Maven / cn.hutool:hutool-json

Package

Name
cn.hutool:hutool-json
View open source insights on deps.dev
Purl
pkg:maven/cn.hutool/hutool-json

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.25

Affected versions

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.1.10
4.1.11
4.1.12
4.1.13
4.1.14
4.1.15
4.1.16
4.1.17
4.1.18
4.1.19
4.1.20
4.1.21
4.2.1
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.5.10
4.5.11
4.5.12
4.5.13
4.5.14
4.5.15
4.5.16
4.5.17
4.5.18
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.10
4.6.11
4.6.12
4.6.13
4.6.14
4.6.15
4.6.16
4.6.17

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.3.0
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.3.6
5.3.7
5.3.8
5.3.9
5.3.10
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
5.5.8
5.5.9
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.6.6
5.6.7
5.7.0
5.7.1
5.7.2
5.7.3
5.7.4
5.7.5
5.7.6
5.7.7
5.7.8
5.7.9
5.7.10
5.7.11
5.7.12
5.7.13
5.7.14
5.7.15
5.7.16
5.7.17
5.7.18
5.7.19
5.7.20
5.7.21
5.7.22
5.8.0.M1
5.8.0.M2
5.8.0.M3
5.8.0.M4
5.8.0
5.8.1
5.8.2
5.8.3
5.8.4.M1
5.8.4
5.8.5
5.8.6
5.8.7
5.8.8
5.8.9
5.8.10
5.8.11
5.8.12
5.8.13
5.8.14
5.8.15
5.8.16
5.8.17
5.8.18
5.8.19
5.8.20
5.8.21
5.8.22
5.8.23
5.8.24

Maven / org.json:json

Package

Name
org.json:json
View open source insights on deps.dev
Purl
pkg:maven/org.json/json

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20230227

Affected versions

Other

20070829
20080701
20090211
20131018
20140107
20141113
20150729
20151123
20160212
20160807
20160810
20170516
20171018
20180130
20180813
20190722
20200518
20201115
20210307
20211205
20220320
20220924