Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-80134B1D0B331F6DB57606754FD41FFF

HistoryDec 13, 2022 - 12:00 a.m.

hutool-json stack overflow vulnerability

2022-12-1300:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

security

hutool-json

stack overflow

denial of service

jsontokener

xml data

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

JSON

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

Affected configurations

Vulners

Node

mavenhutool-jsonRange≤5.8.10

VendorProductVersionCPE
mavenhutool-json*cpe:2.3:a:maven:hutool-json:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
maven	hutool-json	*	cpe:2.3:a:maven:hutool-json::::::::

References

github.com/advisories/GHSA-whgh-g24c-3j5q

github.com/dromara/hutool/issues/2746

github.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7

github.com/stleary/JSON-java/issues/654

nvd.nist.gov/vuln/detail/CVE-2022-45690

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.7%

JSON

Related for GITLAB-80134B1D0B331F6DB57606754FD41FFF