org.codehaus.jettison:jettison is vulnerable to Denial of Service (DoS). Constructing a JSONArray from a Collection that contains a reference to itself in one of its elements triggers unbounded recursion (not a loop): the library descends into the same collection again and again until the call stack is exhausted and a StackOverflowError is thrown, crashing the application. Because StackOverflowError is a java.lang.Error rather than an Exception, ordinary `catch (Exception e)` handling in calling code does not stop it. Affected releases are jettison 1.5.3 and earlier; the fix ships in 1.5.4 (see the commit, pull request and release references below).
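The following is an added example, not code from this advisory or from the Jettison project. It builds the pathological input described above (a List that contains itself), shows what an unguarded `new JSONArray(collection)` call does, and adds a defensive cycle check (the `containsCycle` helper is my own, not a Jettison API) that a caller can run before handing untrusted or externally built object graphs to the library. It assumes `org.codehaus.jettison:jettison` is on the classpath; the exact exception type a patched build throws for self-referencing input is not stated on this page, so the example catches `Exception` broadly on that path.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.codehaus.jettison.json.JSONArray;

public class JettisonSelfReferenceDemo {

    /** Constructed input: a list whose second element is the list itself. */
    static List<Object> selfReferencingList() {
        List<Object> list = new ArrayList<>();
        list.add("harmless element");
        list.add(list); // self-reference that drives the recursion
        return list;
    }

    /**
     * Defensive pre-check (added here, not part of Jettison): walk the object
     * graph and report whether any Collection or Map is reachable from itself.
     * Identity comparison is deliberate: equals()/hashCode() on a
     * self-referencing ArrayList would themselves recurse without bound.
     */
    static boolean containsCycle(Object root) {
        return containsCycle(root, Collections.newSetFromMap(new IdentityHashMap<>()));
    }

    private static boolean containsCycle(Object node, Set<Object> path) {
        Iterable<?> children;
        if (node instanceof Collection) {
            children = (Collection<?>) node;
        } else if (node instanceof Map) {
            children = ((Map<?, ?>) node).values();
        } else {
            return false; // scalars cannot close a cycle
        }
        if (!path.add(node)) {
            return true; // node is already on the current path: cycle
        }
        for (Object child : children) {
            if (containsCycle(child, path)) {
                return true;
            }
        }
        path.remove(node); // backtrack: shared (DAG) references are not cycles
        return false;
    }

    /** Guarded conversion: refuse cyclic graphs before Jettison ever sees them. */
    static String serialise(Collection<?> input) throws Exception {
        if (containsCycle(input)) {
            throw new IllegalArgumentException("input graph contains a cycle; refusing to serialise");
        }
        return new JSONArray(input).toString();
    }

    public static void main(String[] args) {
        List<Object> ok = new ArrayList<>();
        ok.add("a");
        ok.add(Arrays.asList("nested", 1)); // nested but acyclic: must be accepted
        List<Object> cyclic = selfReferencingList();

        try {
            System.out.println("ok input     -> " + serialise(ok));
            System.out.println("cyclic input -> " + serialise(cyclic));
        } catch (IllegalArgumentException e) {
            System.out.println("cyclic input -> rejected before reaching Jettison: " + e.getMessage());
        } catch (Exception e) {
            System.out.println("Jettison threw: " + e);
        }

        // Unguarded call, for comparison. On an affected build (<= 1.5.3) this
        // ends in StackOverflowError; it is caught here only to keep the demo
        // alive, which production code should not rely on.
        try {
            String json = new JSONArray(cyclic).toString();
            System.out.println("unguarded call returned: " + json);
        } catch (StackOverflowError e) {
            System.out.println("unguarded call: StackOverflowError (affected build)");
        } catch (Exception e) {
            System.out.println("unguarded call rejected by library: " + e);
        }
    }
}
```

Run with jettison on the classpath (`javac -cp jettison-<version>.jar JettisonSelfReferenceDemo.java && java -cp .:jettison-<version>.jar JettisonSelfReferenceDemo`). The pre-check uses an identity-based set and backtracks after each node, so it rejects genuine cycles while still accepting the same sub-list referenced twice from different places, which is valid, finite JSON.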
Name | Operator | Version
---|---|---
jettison | le | 1.5.3
libjettison-java:sid | eq | 1.4.1-1
libjettison-java:sid | eq | 1.4.0-1
github.com/advisories/GHSA-q6g2-g7f3-rr83
github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f
github.com/jettison-json/jettison/issues/60
github.com/jettison-json/jettison/pull/62
github.com/jettison-json/jettison/releases/tag/jettison-1.5.4
research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/