Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01NmgzLTc4Z3Atdjgzcs4AAu5k

Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Permalink: https://github.com/advisories/GHSA-56h3-78gp-v83r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NmgzLTc4Z3Atdjgzcs4AAu5k
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: almost 2 years ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00465
EPSS Percentile: 0.76227

Identifiers: GHSA-56h3-78gp-v83r, CVE-2022-40149
References: Repository: https://github.com/jettison-json/jettison
Blast Radius: 25.9

Affected Packages

maven:org.codehaus.jettison:jettison
Dependent packages: 786
Dependent repositories: 9,783
Downloads:
Affected Version Ranges: < 1.5.1
Fixed in: 1.5.1
All affected versions: 1.0.1, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.4.0, 1.4.1, 1.5.0
All unaffected versions: 1.5.1, 1.5.2, 1.5.3, 1.5.4