Lucene search

GitHub Advisory DatabaseGHSA-7RF3-MQPX-H7XG

HistoryDec 13, 2022 - 3:30 p.m.

Jettison Out-of-bounds Write vulnerability

2022-12-1315:30:26

CWE-787

GitHub Advisory Database

github.com

jettison v1.5.2 denial of service json

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

31.8%

JSON

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.

Affected configurations

Vulners

Node

org.codehaus.jettison\Matchjettison

CPENameOperatorVersion
org.codehaus.jettison:jettisonlt1.5.2

CPE	Name	Operator	Version
	org.codehaus.jettison:jettison	lt	1.5.2

References

github.com/advisories/GHSA-7rf3-mqpx-h7xg

github.com/jettison-json/jettison/issues/54

lists.debian.org/debian-lts-announce/2022/12/msg00045.html

nvd.nist.gov/vuln/detail/CVE-2022-45685

www.debian.org/security/2023/dsa-5312

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for GHSA-7RF3-MQPX-H7XG