PYSEC-2023-149

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/json2xml/PYSEC-2023-149.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-149
Aliases
Published
2023-08-22T19:16:00Z
Modified
2023-11-08T04:08:41.383065Z
Summary
[none]
Details

The json2xml package through 3.12.0 for Python has an error in typecode decoding that enables a remote attack which can lead to an exception, causing a denial of service.

References

Affected packages

PyPI / json2xml

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.14.0

Affected versions

0.*

0.1
0.2
0.3
0.4
0.5
0.6

1.*

1.0.0
1.0.1
1.1.0
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0

2.*

2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0

3.*

3.0.0
3.0.1
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.5.0
3.6.0
3.7.0b1
3.7.0b2
3.7.0
3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.9.0
3.10.0rc1
3.10.0
3.12.0