GHSA-whgh-g24c-3j5q

Source

https://github.com/advisories/GHSA-whgh-g24c-3j5q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-whgh-g24c-3j5q/GHSA-whgh-g24c-3j5q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-whgh-g24c-3j5q

Aliases

CVE-2022-45690

Published

2022-12-13T15:30:26Z

Modified

2024-11-30T05:28:21.408607Z

Summary

hutool-json stack overflow vulnerability

Details

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

Database specific

{
    "nvd_published_at": "2022-12-13T15:15:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T19:23:13Z"
}

References

Affected packages

Maven / cn.hutool:hutool-json

Package

Name: cn.hutool:hutool-json; View open source insights on deps.dev
Purl: pkg:maven/cn.hutool/hutool-json

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8.11

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

4.0.12

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.1.10

4.1.11

4.1.12

4.1.13

4.1.14

4.1.15

4.1.16

4.1.17

4.1.18

4.1.19

4.1.20

4.1.21

4.2.1

4.3.0

4.3.1

4.3.2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.5.10

4.5.11

4.5.12

4.5.13

4.5.14

4.5.15

4.5.16

4.5.17

4.5.18

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.6.7

4.6.8

4.6.10

4.6.11

4.6.12

4.6.13

4.6.14

4.6.15

4.6.16

4.6.17

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.4.6

5.4.7

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.5.7

5.5.8

5.5.9

5.6.0

5.6.1

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.7.10

5.7.11

5.7.12

5.7.13

5.7.14

5.7.15

5.7.16

5.7.17

5.7.18

5.7.19

5.7.20

5.7.21

5.7.22

5.8.0.M1

5.8.0.M2

5.8.0.M3

5.8.0.M4

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4.M1

5.8.4

5.8.5

5.8.6

5.8.7

5.8.8

5.8.9

5.8.10

Database specific

{
    "last_known_affected_version_range": "<= 5.8.10"
}