OSV-2024-964

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fastjson2/OSV-2024-964.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-964

Published

2024-08-16T00:14:15.405443Z

Modified

2024-08-16T00:14:15.405835Z

Summary

Security exception in com.alibaba.fastjson2.JSONPathSegment$CycleNameSegment$MapLoop.accept

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69767

Crash type: Security exception
Crash state:
com.alibaba.fastjson2.JSONPathSegment$CycleNameSegment$MapLoop.accept
java.base/java.util.ArrayList.forEach
java.base/java.nio.charset.CharsetEncoder.<init>

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69767

Affected packages

OSS-Fuzz / fastjson2

Package

Name: fastjson2
Purl: pkg:generic/fastjson2

Affected ranges

Type: GIT
Repo: https://github.com/alibaba/fastjson2
Events: Introduced

49187086ed42d64866ab127b4418bcd5553f71ad

Fixed

c9b25596692344d052978539120c0862b1f8c047

Affected versions

2.*

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "introduced_range": "67e1e7468465f8ebcbdba5a37ab0f416fb0bf8b8:ee937035b9c49481aa210fc5156ea31a86e5a8b2",
    "fixed_range": "3a3075848965601bc59fe704099a15f20ce281aa:c9b25596692344d052978539120c0862b1f8c047"
}