Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.json/json@20220320
purl pkg:maven/org.json/json@20220320
Next non-vulnerable version 20231013
Latest non-vulnerable version 20231013
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-32wz-1tnx-5qep
Aliases:
CVE-2022-45688
GHSA-3vqj-43w4-2q58
json stack overflow vulnerability A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
20230227
Affected by 2 other vulnerabilities.
VCID-m8tp-xd4z-d3g7
Aliases:
GHSA-rm7j-f5g5-27vv
Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
20231013
Affected by 0 other vulnerabilities.
VCID-tp9p-km7u-wbd5
Aliases:
CVE-2023-5072
GHSA-4jq9-2xhw-jpx7
Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string.
20231013
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-41pg-3cdb-jqee hutool-json vulnerable to memory exhaustion hutool-json v5.8.10 was discovered to contain an out of memory error. This issue is similar to CVE-2022-45690. CVE-2022-45689
GHSA-fxrc-hg6j-6v3x
VCID-5xm4-tyx3-wudu hutool-json stack overflow vulnerability A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. CVE-2022-45690
GHSA-whgh-g24c-3j5q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:43:20.397441+00:00 GitLab Importer Affected by VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.4.0
2026-04-16T22:40:34.820264+00:00 GitLab Importer Affected by VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.4.0
2026-04-16T22:18:05.658719+00:00 GitLab Importer Affected by VCID-32wz-1tnx-5qep https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml 38.4.0
2026-04-16T22:18:01.944510+00:00 GitLab Importer Fixing VCID-5xm4-tyx3-wudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45690.yml 38.4.0
2026-04-16T22:18:00.622500+00:00 GitLab Importer Fixing VCID-41pg-3cdb-jqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45689.yml 38.4.0
2026-04-12T00:02:55.055517+00:00 GitLab Importer Affected by VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.3.0
2026-04-12T00:00:02.976535+00:00 GitLab Importer Affected by VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.3.0
2026-04-11T23:35:37.172373+00:00 GitLab Importer Affected by VCID-32wz-1tnx-5qep https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml 38.3.0
2026-04-11T23:35:32.952602+00:00 GitLab Importer Fixing VCID-5xm4-tyx3-wudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45690.yml 38.3.0
2026-04-11T23:35:30.938076+00:00 GitLab Importer Fixing VCID-41pg-3cdb-jqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45689.yml 38.3.0
2026-04-03T00:07:36.193829+00:00 GitLab Importer Affected by VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.1.0
2026-04-03T00:03:05.427347+00:00 GitLab Importer Affected by VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.1.0
2026-04-02T23:40:13.808381+00:00 GitLab Importer Affected by VCID-32wz-1tnx-5qep https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml 38.1.0
2026-04-02T23:40:10.105950+00:00 GitLab Importer Fixing VCID-5xm4-tyx3-wudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45690.yml 38.1.0
2026-04-02T23:40:08.840571+00:00 GitLab Importer Fixing VCID-41pg-3cdb-jqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45689.yml 38.1.0
2026-04-01T18:02:44.849286+00:00 GitLab Importer Affected by VCID-32wz-1tnx-5qep https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml 38.0.0
2026-04-01T18:02:40.978054+00:00 GitLab Importer Fixing VCID-5xm4-tyx3-wudu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45690.yml 38.0.0
2026-04-01T18:02:39.584659+00:00 GitLab Importer Fixing VCID-41pg-3cdb-jqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45689.yml 38.0.0