Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.json/json@20171018
purl pkg:maven/org.json/json@20171018
Next non-vulnerable version 20231013
Latest non-vulnerable version 20231013
Risk 4.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-5r4f-gp98-x3ac
Aliases:
GMS-2023-1112
Uncontrolled Resource Consumption Decoding invalid JSON data can cause the JVM to hang in an infinite loop leading to a Denial of Service and high CPU consumption.
20200518
Affected by 5 other vulnerabilities.
VCID-bv86-hec6-mfgy
Aliases:
GMS-2023-1111
Uncontrolled Resource Consumption Decoding of invalid/partial JSON data such as `[` causes the JVM to crash with an `java.lang.StackOverflowError` exception.
20180130
Affected by 6 other vulnerabilities.
VCID-bxc5-jwy1-k3ar
Aliases:
CVE-2023-5072
GHSA-4jq9-2xhw-jpx7
Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
20231013
Affected by 0 other vulnerabilities.
VCID-h2dz-y8ub-pkdw
Aliases:
CVE-2022-45690
GHSA-whgh-g24c-3j5q
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
20220320
Affected by 3 other vulnerabilities.
VCID-k4gs-hxf1-m7g4
Aliases:
CVE-2022-45688
GHSA-3vqj-43w4-2q58
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
20230227
Affected by 2 other vulnerabilities.
VCID-t5h8-qa1b-fkhx
Aliases:
GHSA-rm7j-f5g5-27vv
Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
20231013
Affected by 0 other vulnerabilities.
VCID-u7t7-4dzm-t3hc
Aliases:
CVE-2022-45689
GHSA-fxrc-hg6j-6v3x
hutool-json v5.8.10 was discovered to contain an out of memory error.
20220320
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:11:13.303560+00:00 GitLab Importer Affected by VCID-bxc5-jwy1-k3ar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.6.0
2026-06-12T19:08:07.586003+00:00 GitLab Importer Affected by VCID-t5h8-qa1b-fkhx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.6.0
2026-06-12T18:57:08.778028+00:00 GitLab Importer Affected by VCID-bv86-hec6-mfgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GMS-2023-1111.yml 38.6.0
2026-06-12T18:57:07.580074+00:00 GitLab Importer Affected by VCID-5r4f-gp98-x3ac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GMS-2023-1112.yml 38.6.0
2026-06-12T18:42:05.274506+00:00 GitLab Importer Affected by VCID-k4gs-hxf1-m7g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml 38.6.0
2026-06-12T18:42:00.998981+00:00 GitLab Importer Affected by VCID-h2dz-y8ub-pkdw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45690.yml 38.6.0
2026-06-12T18:41:59.463046+00:00 GitLab Importer Affected by VCID-u7t7-4dzm-t3hc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45689.yml 38.6.0