jettison is vulnerable to Denial of Service (DoS). The vulnerability exists due to a stack overflow in the convertToJSONPrimitive function of DefaultConverter.java, allowing an attacker to cause an application crash by providing malicious input through the parser.
bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
github.com/advisories/GHSA-56h3-78gp-v83r
github.com/jettison-json/jettison/commit/cfc7382c4dab4e207d2db2f0a70f60ce565e477d
github.com/jettison-json/jettison/issues/45
github.com/jettison-json/jettison/pull/43
lists.debian.org/debian-lts-announce/2022/11/msg00011.html
www.debian.org/security/2023/dsa-5312