CVE
GHSA-fg2v-w576-w4v3
Out of bounds read in json-smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DOS) via a crafted web request.
Package Versions Affected
Package Version
patch Availability
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Related Resources
No items found.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-31684, https://github.com/netplex/json-smart-v1/issues/10, https://github.com/netplex/json-smart-v2/issues/67, https://github.com/netplex/json-smart-v1/pull/11, https://github.com/netplex/json-smart-v2/pull/68, https://github.com/netplex/json-smart-v1, https://lists.debian.org/debian-lts-announce/2023/03/msg00030.html, https://security.netapp.com/advisory/ntap-20240621-0006, https://www.oracle.com/security-alerts/cpujan2022.html, https://www.oracle.com/security-alerts/cpujul2022.html
Basic Information
Ecosystem
