OESA-2023-1968

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1968

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1968.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2023-1968

Upstream

CVE-2023-1436

Published

2023-12-22T11:06:35Z

Modified

2025-09-03T06:18:52.305020Z

Summary

jettison security update

Details

Jettison is a collection of Java APIs (like STaX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream.

Security Fix(es):

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

(CVE-2023-1436)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP2 / jettison

Package

Name: jettison
Purl: pkg:rpm/openEuler/jettison&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-1.oe2203sp2

Ecosystem specific

{
    "noarch": [
        "jettison-1.5.4-1.oe2203sp2.noarch.rpm",
        "jettison-javadoc-1.5.4-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "jettison-1.5.4-1.oe2203sp2.src.rpm"
    ]
}