CVE

GHSA-3vqj-43w4-2q58

json stack overflow vulnerability

CVE

GHSA-3vqj-43w4-2q58

json stack overflow vulnerability

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

Package Versions Affected

Available

Unavailable

org.json:json 20160212

Available

Unavailable

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-45688, https://github.com/dromara/hutool/issues/2748, https://github.com/stleary/JSON-java/issues/708, https://github.com/dromara/hutool/commit/6a2b585de0a380e8c12016dbaa1620b69be11b8c, https://github.com/stleary/JSON-java/commit/a6e412bded7a0ad605adfeca029318f184c32102, https://github.com/dromara/hutool/releases/tag/5.8.25

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.00911%

EPSS Percentile

0.75321%

Introduced Version

0,4.0.0,5.3.1,5.7.11,20160807,20160810,20170516,20171018,20180130,20180813,20190722,20200518,20201115,20210307,20211205,20220320,20220924,20080701,20090211,20131018,20140107,20141113,20150729,20151123,20160212,chargebee-1.0

Fix Available

5.8.25,20230227

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-3vqj-43w4-2q58