Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-7k5m-ys11-mfby

Summary

json-smart Uncontrolled Recursion vulnerability
Affected versions of [net.minidev:json-smart](https://github.com/netplex/json-smart-v1) are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.

When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the 3PP does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.

Aliases

alias	CVE-2023-1370

alias	GHSA-493p-pfq6-5258

Fixed_packages

url	pkg:deb/debian/json-smart@2.2-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/json-smart@2.2-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.2-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/json-smart@2.2-2%2Bdeb11u1
purl	pkg:deb/debian/json-smart@2.2-2%2Bdeb11u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.2-2%252Bdeb11u1

url	pkg:deb/debian/json-smart@2.2-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/json-smart@2.2-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.2-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/json-smart@2.2-3?distro=trixie
purl	pkg:deb/debian/json-smart@2.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.2-3%3Fdistro=trixie

url	pkg:deb/debian/json-smart@2.5.2-1?distro=trixie
purl	pkg:deb/debian/json-smart@2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.5.2-1%3Fdistro=trixie

url	pkg:maven/net.minidev/json-smart@2.4.9
purl	pkg:maven/net.minidev/json-smart@2.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.9

Affected_packages

url pkg:deb/debian/json-smart@2.2-1

purl pkg:deb/debian/json-smart@2.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.2-1

url pkg:deb/debian/json-smart@2.2-2

purl pkg:deb/debian/json-smart@2.2-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/json-smart@2.2-2

url pkg:maven/net.minidev/json-smart@1.0.6.3

purl pkg:maven/net.minidev/json-smart@1.0.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.0.6.3

url pkg:maven/net.minidev/json-smart@1.0.8

purl pkg:maven/net.minidev/json-smart@1.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.0.8

url pkg:maven/net.minidev/json-smart@1.0.9

purl pkg:maven/net.minidev/json-smart@1.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.0.9

url pkg:maven/net.minidev/json-smart@1.0.9-1

purl pkg:maven/net.minidev/json-smart@1.0.9-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.0.9-1

url pkg:maven/net.minidev/json-smart@1.1

purl pkg:maven/net.minidev/json-smart@1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.1

url pkg:maven/net.minidev/json-smart@1.1.1

purl pkg:maven/net.minidev/json-smart@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.1.1

url pkg:maven/net.minidev/json-smart@1.2

purl pkg:maven/net.minidev/json-smart@1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.2

url pkg:maven/net.minidev/json-smart@1.3

purl pkg:maven/net.minidev/json-smart@1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.3

url pkg:maven/net.minidev/json-smart@1.3.1

purl pkg:maven/net.minidev/json-smart@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.3.1

url pkg:maven/net.minidev/json-smart@1.3.2

purl pkg:maven/net.minidev/json-smart@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.3.2

url pkg:maven/net.minidev/json-smart@1.3.3

purl pkg:maven/net.minidev/json-smart@1.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@1.3.3

url pkg:maven/net.minidev/json-smart@2.0-RC1

purl pkg:maven/net.minidev/json-smart@2.0-RC1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.0-RC1

url pkg:maven/net.minidev/json-smart@2.0-RC2

purl pkg:maven/net.minidev/json-smart@2.0-RC2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.0-RC2

url pkg:maven/net.minidev/json-smart@2.0-RC3

purl pkg:maven/net.minidev/json-smart@2.0-RC3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.0-RC3

url pkg:maven/net.minidev/json-smart@2.0

purl pkg:maven/net.minidev/json-smart@2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.0

url pkg:maven/net.minidev/json-smart@2.1.0

purl pkg:maven/net.minidev/json-smart@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.1.0

url pkg:maven/net.minidev/json-smart@2.1.1

purl pkg:maven/net.minidev/json-smart@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.1.1

url pkg:maven/net.minidev/json-smart@2.2

purl pkg:maven/net.minidev/json-smart@2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.2

url pkg:maven/net.minidev/json-smart@2.2.1

purl pkg:maven/net.minidev/json-smart@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.2.1

url pkg:maven/net.minidev/json-smart@2.3

purl pkg:maven/net.minidev/json-smart@2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-tdfp-krep-5ffe

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.3

url pkg:maven/net.minidev/json-smart@2.3.1

purl pkg:maven/net.minidev/json-smart@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-wg6b-e8ts-w7ct

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.3.1

url pkg:maven/net.minidev/json-smart@2.4.1

purl pkg:maven/net.minidev/json-smart@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.1

url pkg:maven/net.minidev/json-smart@2.4.2

purl pkg:maven/net.minidev/json-smart@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.2

url pkg:maven/net.minidev/json-smart@2.4.4

purl pkg:maven/net.minidev/json-smart@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.4

url pkg:maven/net.minidev/json-smart@2.4.5

purl pkg:maven/net.minidev/json-smart@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.5

url pkg:maven/net.minidev/json-smart@2.4.6

purl pkg:maven/net.minidev/json-smart@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.6

url pkg:maven/net.minidev/json-smart@2.4.7

purl pkg:maven/net.minidev/json-smart@2.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.7

url pkg:maven/net.minidev/json-smart@2.4.8

purl pkg:maven/net.minidev/json-smart@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/net.minidev/json-smart@2.4.8

url pkg:rpm/redhat/jenkins@2.401.1.1686680404-3?arch=el8

purl pkg:rpm/redhat/jenkins@2.401.1.1686680404-3?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-432r-ukuw-4bgt

vulnerability	VCID-6925-fwf4-f7df

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-afh4-nhxq-y3he

vulnerability	VCID-z3th-j593-m7bg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.401.1.1686680404-3%3Farch=el8

url pkg:rpm/redhat/jenkins-2-plugins@4.10.1684982411-1?arch=el8

purl pkg:rpm/redhat/jenkins-2-plugins@4.10.1684982411-1?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.10.1684982411-1%3Farch=el8

url pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1?arch=el8

purl pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-9h46-72hw-bkcr

vulnerability	VCID-khr7-6pza-afab

vulnerability	VCID-myp4-24sf-9yfv

vulnerability	VCID-qq1f-3nsz-6kcz

vulnerability	VCID-sqx4-euc2-myew

vulnerability	VCID-v2pq-1qhm-4qb9

vulnerability	VCID-v9jp-s75d-zffs

vulnerability	VCID-yph7-zq7p-j3hz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1%3Farch=el8

url pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1?arch=el8

purl pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qvq-xv22-xbed

vulnerability	VCID-5bu5-5b6n-nuft

vulnerability	VCID-7k5m-ys11-mfby

vulnerability	VCID-j584-bgww-z7fw

vulnerability	VCID-myp4-24sf-9yfv

vulnerability	VCID-sqx4-euc2-myew

vulnerability	VCID-v9jp-s75d-zffs

vulnerability	VCID-wp9q-eurd-43dx

vulnerability	VCID-xq5k-dyk9-u3ct

vulnerability	VCID-yph7-zq7p-j3hz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1%3Farch=el8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1370.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-1370

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02246
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02264
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02286
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02268
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02257
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02236
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02254
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02931
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0301
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02908
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02923
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-1370

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1370

reference_url

https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a

reference_url

https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8

reference_url

https://github.com/netplex/json-smart-v2/issues/137

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/netplex/json-smart-v2/issues/137

reference_url

https://github.com/oswaldobapvicjr/jsonmerge

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/oswaldobapvicjr/jsonmerge

reference_url

https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748

reference_url

https://www.cve.org/CVERecord?id=CVE-2023-1370

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cve.org/CVERecord?id=CVE-2023-1370

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474
reference_id	1033474
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033474

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2188542
reference_id	2188542
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2188542

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-1370

reference_id

CVE-2023-1370

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-1370

reference_url

https://github.com/advisories/GHSA-493p-pfq6-5258

reference_id

GHSA-493p-pfq6-5258

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-493p-pfq6-5258

reference_url

https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258

reference_id

GHSA-493p-pfq6-5258

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258

reference_url	https://access.redhat.com/errata/RHSA-2023:2099
reference_id	RHSA-2023:2099
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2099

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:3179
reference_id	RHSA-2023:3179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3179

reference_url	https://access.redhat.com/errata/RHSA-2023:3193
reference_id	RHSA-2023:3193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3193

reference_url	https://access.redhat.com/errata/RHSA-2023:3223
reference_id	RHSA-2023:3223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3223

reference_url	https://access.redhat.com/errata/RHSA-2023:3362
reference_id	RHSA-2023:3362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3362

reference_url	https://access.redhat.com/errata/RHSA-2023:3610
reference_id	RHSA-2023:3610
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3610

reference_url	https://access.redhat.com/errata/RHSA-2023:3622
reference_id	RHSA-2023:3622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3622

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

reference_url	https://access.redhat.com/errata/RHSA-2023:7697
reference_id	RHSA-2023:7697
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7697

reference_url

https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

reference_id

stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:09:38Z/

url

https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/

reference_url	https://usn.ubuntu.com/6011-1/
reference_id	USN-6011-1
reference_type
scores
url	https://usn.ubuntu.com/6011-1/

Weaknesses

cwe_id	674
name	Uncontrolled Recursion
description	The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k5m-ys11-mfby

Vulnerability Instance