Lucene search

GitHub Advisory DatabaseGHSA-FXRC-HG6J-6V3X

HistoryDec 13, 2022 - 3:30 p.m.

hutool-json vulnerable to memory exhaustion

2022-12-1315:30:26

CWE-400

GitHub Advisory Database

github.com

hutool-json cve-2022-45690 software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

JSON

hutool-json v5.8.10 was discovered to contain an out of memory error. This issue is similar to CVE-2022-45690.

Affected configurations

Vulners

Node

cn.hutoolhutool-jsonRange≤5.8.10

VendorProductVersionCPE
cn.hutoolhutool-json*cpe:2.3:a:cn.hutool:hutool-json:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cn.hutool	hutool-json	*	cpe:2.3:a:cn.hutool:hutool-json::::::::

References

github.com/advisories/GHSA-fxrc-hg6j-6v3x

github.com/dromara/hutool/issues/2747

nvd.nist.gov/vuln/detail/CVE-2022-45689

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

JSON

Related for GHSA-FXRC-HG6J-6V3X