WS-2017-3805 (High) detected in json-20160212.jar #154
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
WS-2017-3805 - High Severity Vulnerability
Vulnerable Library - json-20160212.jar
JSON is a light-weight, language independent, data interchange format. See http://www.JSON.org/
Library home page: https://github.com/douglascrockford/JSON-java
Path to dependency file: /pom.xml
Path to vulnerable library: /pom.xml
Dependency Hierarchy:
Found in HEAD commit: 51d8b15fc29a554c2cfa6ca4ef2ef31d8e753329
Found in base branch: master
Vulnerability Details
Affected versions of JSON In Java are vulnerable to Denial of Service (DoS) when initializing a JSONArray object from the input "[". This causes the JVM to crash with a StackOverflowError due to a non-cyclical stack overflow.
Publish Date: 2017-10-30
URL: WS-2017-3805
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2017-10-30
Fix Resolution: org.json:json:20180130