VulnerableCode Package Details - pkg:maven/org.typelevel/jawn-parser@1.3.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.typelevel/jawn-parser@1.3.2

Essentials
History (1)

purl	pkg:maven/org.typelevel/jawn-parser@1.3.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-tvwp-ydpn-zqf1	Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.	CVE-2022-21653 GHSA-vc89-hccf-rq55

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T15:43:01.583105+00:00	GitLab Importer	Fixing	VCID-tvwp-ydpn-zqf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.typelevel/jawn-parser/CVE-2022-21653.yml	38.6.0