Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libjettison-java@1.5.3-1~deb11u1?distro=trixie
purl pkg:deb/debian/libjettison-java@1.5.3-1~deb11u1?distro=trixie
Next non-vulnerable version 1.5.4-1
Latest non-vulnerable version 1.5.4-1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-qq1f-3nsz-6kcz
Aliases:
CVE-2023-1436
GHSA-q6g2-g7f3-rr83
Jettison vulnerable to infinite recursion An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
1.5.4-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-myp4-24sf-9yfv Jettison memory exhaustion Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack. CVE-2022-40150
GHSA-x27m-9w8j-5vcw
VCID-sqx4-euc2-myew Jettison parser crash by stackoverflow Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. CVE-2022-40149
GHSA-56h3-78gp-v83r
VCID-u32c-7463-fkff Jettison Out-of-bounds Write vulnerability A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. CVE-2022-45685
GHSA-7rf3-mqpx-h7xg
VCID-wp9q-eurd-43dx Jettison Out-of-bounds Write vulnerability Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. CVE-2022-45693
GHSA-grr4-wv38-f68w

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:40:58.976306+00:00 Debian Importer Fixing VCID-u32c-7463-fkff https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:18:48.889188+00:00 Debian Importer Fixing VCID-sqx4-euc2-myew https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:17:22.340248+00:00 Debian Importer Fixing VCID-wp9q-eurd-43dx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:15:48.862183+00:00 Debian Importer Fixing VCID-myp4-24sf-9yfv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:41:32.987409+00:00 Debian Importer Fixing VCID-u32c-7463-fkff https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:41:53.006028+00:00 Debian Importer Fixing VCID-sqx4-euc2-myew https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:55:24.075586+00:00 Debian Importer Fixing VCID-wp9q-eurd-43dx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:11:33.690608+00:00 Debian Importer Fixing VCID-myp4-24sf-9yfv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:28:56.327868+00:00 Debian Importer Affected by VCID-qq1f-3nsz-6kcz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:56.303989+00:00 Debian Importer Fixing VCID-wp9q-eurd-43dx https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:56.274853+00:00 Debian Importer Fixing VCID-u32c-7463-fkff https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:56.246064+00:00 Debian Importer Fixing VCID-myp4-24sf-9yfv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:56.212163+00:00 Debian Importer Fixing VCID-sqx4-euc2-myew https://security-tracker.debian.org/tracker/data/json 38.1.0