Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.json/json@20231013
purl pkg:maven/org.json/json@20231013
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-m8tp-xd4z-d3g7 Duplicate Advisory: Denial of Service in JSON-Java ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. ## Original Description Denial of Service in JSON-Java versions prior to 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. GHSA-rm7j-f5g5-27vv
VCID-tp9p-km7u-wbd5 Java: DoS Vulnerability in JSON-JAVA A denial of service vulnerability in JSON-Java was discovered by [ClusterFuzz](https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using `\` to escape special characters, including `\` itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of `\` characters in the escaped string. CVE-2023-5072
GHSA-4jq9-2xhw-jpx7

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:43:20.411046+00:00 GitLab Importer Fixing VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.4.0
2026-04-16T22:40:34.833182+00:00 GitLab Importer Fixing VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.4.0
2026-04-12T00:02:55.071085+00:00 GitLab Importer Fixing VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.3.0
2026-04-12T00:00:02.991416+00:00 GitLab Importer Fixing VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.3.0
2026-04-03T00:07:36.208222+00:00 GitLab Importer Fixing VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.1.0
2026-04-03T00:03:05.441198+00:00 GitLab Importer Fixing VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.1.0
2026-04-02T17:00:41.825914+00:00 GHSA Importer Fixing VCID-tp9p-km7u-wbd5 https://github.com/advisories/GHSA-4jq9-2xhw-jpx7 38.1.0
2026-04-02T17:00:29.525651+00:00 GHSA Importer Fixing VCID-m8tp-xd4z-d3g7 https://github.com/advisories/GHSA-rm7j-f5g5-27vv 38.1.0
2026-04-01T12:58:47.341730+00:00 GithubOSV Importer Fixing VCID-tp9p-km7u-wbd5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-4jq9-2xhw-jpx7/GHSA-4jq9-2xhw-jpx7.json 38.0.0
2026-04-01T12:57:05.669345+00:00 GithubOSV Importer Fixing VCID-m8tp-xd4z-d3g7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-rm7j-f5g5-27vv/GHSA-rm7j-f5g5-27vv.json 38.0.0
2026-04-01T12:52:06.897294+00:00 GitLab Importer Fixing VCID-tp9p-km7u-wbd5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/CVE-2023-5072.yml 38.0.0
2026-04-01T12:51:58.199269+00:00 GitLab Importer Fixing VCID-m8tp-xd4z-d3g7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.json/json/GHSA-rm7j-f5g5-27vv.yml 38.0.0