OSV-2024-1322

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fastjson2/OSV-2024-1322.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-1322
Published
2024-11-18T00:00:16.618504Z
Modified
2024-11-18T00:00:16.619Z
Summary
Security exception in com.alibaba.fastjson2.JSONReader.readObject
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379180973

Crash type: Security exception
Crash state:
com.alibaba.fastjson2.JSONReader.readObject
java.base/java.nio.charset.CharsetEncoder.replaceWith
java.base/java.nio.charset.CharsetEncoder.<init>
References

Affected packages

OSS-Fuzz / fastjson2

Package

Name
fastjson2
Purl
pkg:generic/fastjson2

Affected ranges

Type
GIT
Repo
https://github.com/alibaba/fastjson2
Events

Affected versions

2.*

2.0.30
2.0.31
2.0.32
2.0.33
2.0.34.1.android4
2.0.34.android4
2.0.35
2.0.35.android4
2.0.36
2.0.36.android4
2.0.37
2.0.37.android4
2.0.38.android4
2.0.39
2.0.39.android4
2.0.40
2.0.40.android4
2.0.41
2.0.41.android4
2.0.42
2.0.42.android
2.0.43
2.0.43.android4
2.0.44
2.0.44.android
2.0.45
2.0.45.android4
2.0.46
2.0.46.android4
2.0.46.android5
2.0.46.android8
2.0.47
2.0.47.android5
2.0.47.android8
2.0.48
2.0.48.android5
2.0.48.anroid8
2.0.49
2.0.49.android5
2.0.49.android8
2.0.50
2.0.50.android4
2.0.50.android8
2.0.51
2.0.51.android5
2.0.51.android8
2.0.52
2.0.52.android5
2.0.52.android8
2.0.53

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "introduced_range": "d586134f2f681c7b435b6ad5d9e1d90c3dee7e0a:d7025411289dff4412ef6ed81e7890954ac5cd7e"
}