stleary/JSON-java on GitHub
A reference implementation of a JSON package in Java.
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2023-5072 | 7.5 HIGH | N/A | |
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. | |||
CVE-2022-45688 | 7.5 HIGH | N/A | |
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. | |||
CVE-2022-45690 | 7.5 HIGH | N/A | |
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. |