Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyZjUtOTJqaC0zdmM5
Uncaught Exception leading to Denial of Service in json-sanitizer
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. The exception is undeclared in the sense that it is an unchecked exception the sanitize() API does not document, so nothing in the method signature prompts callers to handle it. An application that neither catches unchecked exceptions from the sanitizer nor re-validates its output can therefore be crashed, or handed malformed JSON, by attacker-controlled input; that is the denial-of-service condition the advisory describes.
Permalink: https://github.com/advisories/GHSA-8rf5-92jh-3vc9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyZjUtOTJqaC0zdmM5
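The advisory leaves two things for a caller to handle: the sanitizer may throw an unchecked exception, and the string it returns may not be valid JSON. The wrapper below is an added example for this page (not code from the json-sanitizer project) showing the defensive pattern a caller should use regardless of library version: cap the input size, catch unchecked exceptions from JsonSanitizer.sanitize and turn them into a rejection, and never trust the sanitizer's output until a strict parser has accepted it. The class name SafeJsonSanitize, the MAX_INPUT_CHARS limit, and the use of Jackson's ObjectMapper as the application's strict parser are assumptions of this example; the sample inputs are constructed and are not the advisory's crafted input, which the page does not give.

```java
import com.google.json.JsonSanitizer;                // maven: com.mikesamuel:json-sanitizer, pin to >= 1.2.2
import com.fasterxml.jackson.databind.JsonNode;      // assumed: the application's strict JSON parser
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Optional;

/**
 * Defensive wrapper around JsonSanitizer.sanitize for untrusted input.
 * Example added to this page; not part of the json-sanitizer library.
 */
public final class SafeJsonSanitize {
    // Hypothetical cap on "jsonish" input accepted from the network (1 MiB of chars).
    private static final int MAX_INPUT_CHARS = 1 << 20;
    private static final ObjectMapper MAPPER = new ObjectMapper();

    private SafeJsonSanitize() {}

    /**
     * Returns the parsed JSON tree, or Optional.empty() if the input is rejected.
     * Never propagates an exception caused by hostile input, so one bad request
     * cannot take down the thread or handler that called it.
     */
    public static Optional<JsonNode> sanitizeAndParse(String untrusted) {
        if (untrusted == null || untrusted.length() > MAX_INPUT_CHARS) {
            return Optional.empty();
        }

        final String sanitized;
        try {
            sanitized = JsonSanitizer.sanitize(untrusted);
        } catch (RuntimeException e) {
            // Affected versions (< 1.2.2) may throw an undeclared, unchecked exception here.
            // Treat it as a rejected input rather than letting it unwind the caller.
            return Optional.empty();
        }

        try {
            // The advisory also says the output itself may be invalid JSON on affected
            // versions, so the sanitizer's result is re-parsed strictly before use.
            return Optional.of(MAPPER.readTree(sanitized));
        } catch (IOException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs for illustration only.
        String[] samples = {
            "{\"a\": 1, \"b\": [true, null]}",   // well-formed JSON
            "{a: 'single quotes', b: 0x1F}",     // jsonish the sanitizer is designed to repair
            "[1, 2,",                            // truncated input
            "",                                  // empty input
        };
        for (String s : samples) {
            String result = sanitizeAndParse(s).map(JsonNode::toString).orElse("<rejected>");
            System.out.println(result);
        }
    }
}
```

Upgrading the Maven dependency com.mikesamuel:json-sanitizer to the fixed version (1.2.2 or later, per this advisory) removes the known trigger, but the catch-and-reject plus re-parse pattern costs little and also protects against any future sanitizer defect of the same shape. Note that catching RuntimeException does not cover StackOverflowError from pathological nesting; that is a separate resource limit the application must set on its own input before handing it to any parser.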
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-8rf5-92jh-3vc9, CVE-2021-23900
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23900
- https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
- https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
- https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
- https://github.com/advisories/GHSA-8rf5-92jh-3vc9
Blast Radius: 14.9
Affected Packages
maven:com.mikesamuel:json-sanitizer
Dependent packages: 36
Dependent repositories: 97
Downloads:
Affected Version Ranges: < 1.2.2
Fixed in: 1.2.2
All affected versions: 1.2.0, 1.2.1
All unaffected versions: 1.2.2, 1.2.3