Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.json/json@20230618
purl pkg:maven/org.json/json@20230618
Next non-vulnerable version 20231013
Latest non-vulnerable version 20231013
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-m8tp-xd4z-d3g7
Aliases:
GHSA-rm7j-f5g5-27vv
Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
20231013
Affected by 0 other vulnerabilities.
VCID-tp9p-km7u-wbd5
Aliases:
CVE-2023-5072
GHSA-4jq9-2xhw-jpx7
Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string.
20231013
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:43:20.407619+00:00 GitLab Importer Affected by VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.4.0
2026-04-16T22:40:34.829989+00:00 GitLab Importer Affected by VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.4.0
2026-04-12T00:02:55.067207+00:00 GitLab Importer Affected by VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.3.0
2026-04-12T00:00:02.987469+00:00 GitLab Importer Affected by VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.3.0
2026-04-03T00:07:36.204670+00:00 GitLab Importer Affected by VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.1.0
2026-04-03T00:03:05.437987+00:00 GitLab Importer Affected by VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.1.0
2026-04-02T17:00:41.822511+00:00 GHSA Importer Affected by VCID-tp9p-km7u-wbd5 https://github.com/advisories/GHSA-4jq9-2xhw-jpx7 38.1.0
2026-04-02T17:00:29.522072+00:00 GHSA Importer Affected by VCID-m8tp-xd4z-d3g7 https://github.com/advisories/GHSA-rm7j-f5g5-27vv 38.1.0