Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-m8tp-xd4z-d3g7
Summary
Duplicate Advisory: Denial of Service  in JSON-Java
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references.

## Original Description
Denial of Service  in JSON-Java versions prior to 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Aliases
0
alias GHSA-rm7j-f5g5-27vv
Fixed_packages
0
url pkg:maven/org.json/json@20231013
purl pkg:maven/org.json/json@20231013
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20231013
Affected_packages
0
url pkg:maven/org.json/json@20070829
purl pkg:maven/org.json/json@20070829
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20070829
1
url pkg:maven/org.json/json@20080701
purl pkg:maven/org.json/json@20080701
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20080701
2
url pkg:maven/org.json/json@20090211
purl pkg:maven/org.json/json@20090211
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20090211
3
url pkg:maven/org.json/json@20131018
purl pkg:maven/org.json/json@20131018
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20131018
4
url pkg:maven/org.json/json@20140107
purl pkg:maven/org.json/json@20140107
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20140107
5
url pkg:maven/org.json/json@20141113
purl pkg:maven/org.json/json@20141113
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20141113
6
url pkg:maven/org.json/json@20150729
purl pkg:maven/org.json/json@20150729
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20150729
7
url pkg:maven/org.json/json@20151123
purl pkg:maven/org.json/json@20151123
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20151123
8
url pkg:maven/org.json/json@20160212
purl pkg:maven/org.json/json@20160212
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160212
9
url pkg:maven/org.json/json@20160807
purl pkg:maven/org.json/json@20160807
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160807
10
url pkg:maven/org.json/json@20160810
purl pkg:maven/org.json/json@20160810
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20160810
11
url pkg:maven/org.json/json@20170516
purl pkg:maven/org.json/json@20170516
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20170516
12
url pkg:maven/org.json/json@20171018
purl pkg:maven/org.json/json@20171018
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-kskh-z2dm-nkg5
4
vulnerability VCID-m8tp-xd4z-d3g7
5
vulnerability VCID-tp9p-km7u-wbd5
6
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20171018
13
url pkg:maven/org.json/json@20180130
purl pkg:maven/org.json/json@20180130
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
5
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20180130
14
url pkg:maven/org.json/json@20180813
purl pkg:maven/org.json/json@20180813
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
5
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20180813
15
url pkg:maven/org.json/json@20190722
purl pkg:maven/org.json/json@20190722
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
5
vulnerability VCID-z7rn-5t92-jyem
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20190722
16
url pkg:maven/org.json/json@20200518
purl pkg:maven/org.json/json@20200518
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20200518
17
url pkg:maven/org.json/json@20201115
purl pkg:maven/org.json/json@20201115
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20201115
18
url pkg:maven/org.json/json@20210307
purl pkg:maven/org.json/json@20210307
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20210307
19
url pkg:maven/org.json/json@20211205
purl pkg:maven/org.json/json@20211205
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-41pg-3cdb-jqee
2
vulnerability VCID-5xm4-tyx3-wudu
3
vulnerability VCID-m8tp-xd4z-d3g7
4
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20211205
20
url pkg:maven/org.json/json@20220320
purl pkg:maven/org.json/json@20220320
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-m8tp-xd4z-d3g7
2
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20220320
21
url pkg:maven/org.json/json@20220924
purl pkg:maven/org.json/json@20220924
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-32wz-1tnx-5qep
1
vulnerability VCID-m8tp-xd4z-d3g7
2
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20220924
22
url pkg:maven/org.json/json@20230227
purl pkg:maven/org.json/json@20230227
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m8tp-xd4z-d3g7
1
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20230227
23
url pkg:maven/org.json/json@20230618
purl pkg:maven/org.json/json@20230618
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m8tp-xd4z-d3g7
1
vulnerability VCID-tp9p-km7u-wbd5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.json/json@20230618
References
0
reference_url https://github.com/stleary/JSON-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/stleary/JSON-java
1
reference_url https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb
2
reference_url https://github.com/stleary/JSON-java/issues/758
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/stleary/JSON-java/issues/758
3
reference_url https://github.com/stleary/JSON-java/issues/771
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/stleary/JSON-java/issues/771
4
reference_url https://github.com/stleary/JSON-java/pull/759
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/stleary/JSON-java/pull/759
5
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
6
reference_url http://www.openwall.com/lists/oss-security/2023/12/13/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/13/4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5072
reference_id CVE-2023-5072
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5072
8
reference_url https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7
reference_id GHSA-4jq9-2xhw-jpx7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/google/security-research/security/advisories/GHSA-4jq9-2xhw-jpx7
9
reference_url https://github.com/advisories/GHSA-rm7j-f5g5-27vv
reference_id GHSA-rm7j-f5g5-27vv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rm7j-f5g5-27vv
Weaknesses
0
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-m8tp-xd4z-d3g7