Search for packages
| purl | pkg:maven/org.json/json@20180130 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-32wz-1tnx-5qep
Aliases: CVE-2022-45688 GHSA-3vqj-43w4-2q58 |
json stack overflow vulnerability A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. |
Affected by 2 other vulnerabilities. |
|
VCID-41pg-3cdb-jqee
Aliases: CVE-2022-45689 GHSA-fxrc-hg6j-6v3x |
hutool-json vulnerable to memory exhaustion hutool-json v5.8.10 was discovered to contain an out of memory error. This issue is similar to CVE-2022-45690. |
Affected by 3 other vulnerabilities. |
|
VCID-5xm4-tyx3-wudu
Aliases: CVE-2022-45690 GHSA-whgh-g24c-3j5q |
hutool-json stack overflow vulnerability A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. |
Affected by 3 other vulnerabilities. |
|
VCID-m8tp-xd4z-d3g7
Aliases: GHSA-rm7j-f5g5-27vv |
Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. |
Affected by 0 other vulnerabilities. |
|
VCID-tp9p-km7u-wbd5
Aliases: CVE-2023-5072 GHSA-4jq9-2xhw-jpx7 |
Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string. |
Affected by 0 other vulnerabilities. |
|
VCID-z7rn-5t92-jyem
Aliases: GMS-2023-1112 |
Uncontrolled Resource Consumption Decoding invalid JSON data can cause the JVM to hang in an infinite loop leading to a Denial of Service and high CPU consumption. |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-kskh-z2dm-nkg5 | Uncontrolled Resource Consumption Decoding of invalid/partial JSON data such as `[` causes the JVM to crash with an `java.lang.StackOverflowError` exception. |
GMS-2023-1111
|