CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
27.6%
JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0
being parsed incorrectly, which can results in an input string of modest size causing indefinite amounts of memory usage.
www.openwall.com/lists/oss-security/2023/12/13/4
github.com/advisories/GHSA-rm7j-f5g5-27vv
github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb
github.com/stleary/JSON-java/issues/758
github.com/stleary/JSON-java/issues/771
github.com/stleary/JSON-java/issues/789
security.netapp.com/advisory/ntap-20240621-0007/