GHSA-rm7j-f5g5-27vv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rm7j-f5g5-27vv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-rm7j-f5g5-27vv/GHSA-rm7j-f5g5-27vv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rm7j-f5g5-27vv
- Withdrawn
- 2023-11-14T22:24:36Z
- Published
- 2023-10-12T18:30:28Z
- Modified
- 2024-11-28T05:40:35.898028Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Duplicate Advisory: Denial of Service in JSON-Java
- Details
-
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references.
Original Description
Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
- Database specific
{ "nvd_published_at": "2023-10-12T17:15:10Z", "cwe_ids": [ "CWE-770" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-10-12T19:49:51Z" }- References
-
- https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7
- https://nvd.nist.gov/vuln/detail/CVE-2023-5072
- https://github.com/stleary/JSON-java/issues/758
- https://github.com/stleary/JSON-java/issues/771
- https://github.com/stleary/JSON-java/pull/759
- https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb
- https://github.com/stleary/JSON-java
- https://security.netapp.com/advisory/ntap-20240621-0007
- http://www.openwall.com/lists/oss-security/2023/12/13/4
Affected packages
Maven / org.json:json
Package
- Name
- org.json:json
- View open source insights on deps.dev
- Purl
- pkg:maven/org.json/json
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20231013