VulnerableCode Package Details - pkg:maven/org.json/json@20230227

Search for packages

Vulnerability	Summary	Fixed by
VCID-m8tp-xd4z-d3g7 Aliases: GHSA-rm7j-f5g5-27vv	Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.	20231013 Affected by 0 other vulnerabilities.
VCID-tp9p-km7u-wbd5 Aliases: CVE-2023-5072 GHSA-4jq9-2xhw-jpx7	Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string.	20231013 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-m8tp-xd4z-d3g7
Aliases:
GHSA-rm7j-f5g5-27vv

Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

20231013
Affected by 0 other vulnerabilities.

VCID-tp9p-km7u-wbd5
Aliases:
CVE-2023-5072
GHSA-4jq9-2xhw-jpx7

Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string.

20231013
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-32wz-1tnx-5qep	json stack overflow vulnerability A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.	CVE-2022-45688 GHSA-3vqj-43w4-2q58

Vulnerability

Summary

Aliases

VCID-32wz-1tnx-5qep

json stack overflow vulnerability A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CVE-2022-45688
GHSA-3vqj-43w4-2q58

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:43:20.404256+00:00	GitLab Importer	Affected by	VCID-tp9p-km7u-wbd5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml	38.4.0
2026-04-16T22:40:34.826741+00:00	GitLab Importer	Affected by	VCID-m8tp-xd4z-d3g7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml	38.4.0
2026-04-16T22:18:05.665245+00:00	GitLab Importer	Fixing	VCID-32wz-1tnx-5qep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml	38.4.0
2026-04-12T00:02:55.063406+00:00	GitLab Importer	Affected by	VCID-tp9p-km7u-wbd5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml	38.3.0
2026-04-12T00:00:02.983806+00:00	GitLab Importer	Affected by	VCID-m8tp-xd4z-d3g7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml	38.3.0
2026-04-11T23:35:37.180084+00:00	GitLab Importer	Fixing	VCID-32wz-1tnx-5qep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml	38.3.0
2026-04-03T00:07:36.201383+00:00	GitLab Importer	Affected by	VCID-tp9p-km7u-wbd5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml	38.1.0
2026-04-03T00:03:05.434764+00:00	GitLab Importer	Affected by	VCID-m8tp-xd4z-d3g7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml	38.1.0
2026-04-02T23:40:13.815077+00:00	GitLab Importer	Fixing	VCID-32wz-1tnx-5qep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml	38.1.0
2026-04-02T16:58:36.263334+00:00	GHSA Importer	Fixing	VCID-32wz-1tnx-5qep	https://github.com/advisories/GHSA-3vqj-43w4-2q58	38.1.0
2026-04-01T18:02:44.857924+00:00	GitLab Importer	Fixing	VCID-32wz-1tnx-5qep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2022-45688.yml	38.0.0
2026-04-01T13:06:01.960556+00:00	GithubOSV Importer	Fixing	VCID-32wz-1tnx-5qep	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-3vqj-43w4-2q58/GHSA-3vqj-43w4-2q58.json	38.0.0