GHSA-779h-3r69-4f5p

Опубликовано: 14 июн. 2023

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

json-io vulnerable to stack exhaustion

An issue was discovered json-io through 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

Ссылки

Пакеты

Наименование

com.cedarsoftware:json-io

maven

Затронутые версииВерсия исправления

< 4.14.1

4.14.1

EPSS

Процентиль: 31%

0.00117

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2023-34610

Дефекты

CWE-400

CWE-787

Связанные уязвимости

CVE-2023-34610

CVSS3: 7.5

redhat

больше 2 лет назад

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

CVE-2023-34610

CVSS3: 7.5

nvd

больше 2 лет назад

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

EPSS

Процентиль: 31%

0.00117

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2023-34610

Дефекты

CWE-400

CWE-787