CVE-2021-27568

Опубликовано: 23 фев. 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

Ссылки

https://github.com/netplex/json-smart-v1/issues/7
Exploit
Third Party Advisory
https://github.com/netplex/json-smart-v2/issues/60
Exploit
Third Party Advisory
https://lists.apache.org/thread.html/rb6287f5aa628c8d9af52b5401ec6cc51b6fc28ab20d318943453e396%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rf70210b4d63191c0bfb2a0d5745e104484e71703bf5ad9cb01c980c6%40%3Ccommits.druid.apache.org%3E
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://github.com/netplex/json-smart-v1/issues/7
Exploit
Third Party Advisory
https://github.com/netplex/json-smart-v2/issues/60
Exploit
Third Party Advisory
https://lists.apache.org/thread.html/rb6287f5aa628c8d9af52b5401ec6cc51b6fc28ab20d318943453e396%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rf70210b4d63191c0bfb2a0d5745e104484e71703bf5ad9cb01c980c6%40%3Ccommits.druid.apache.org%3E
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:json-smart_project:json-smart-v1:*:*:*:*:*:*:*:*

Версия до 1.3.2 (исключая)

cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*

Версия до 2.3.1 (исключая)

cpe:2.3:a:json-smart_project:json-smart-v2:*:*:*:*:*:*:*:*

Версия от 2.4 (включая) до 2.4.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*

Версия до 2.12.42 (исключая)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00647

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-754

Связанные уязвимости

CVE-2021-27568

CVSS3: 5.9

redhat

почти 5 лет назад

GHSA-v528-7hrm-frqp

CVSS3: 5.9

github

больше 4 лет назад

Improper Check for Unusual or Exceptional Conditions in json-smart

BDU:2022-01228

CVSS3: 9.1

fstec

около 4 лет назад

Уязвимость библиотек json-smart-v1 и json-smart-v2, связанная с недостаточной проверкой необычных или исключительных состояний, позволяющая нарушителю вызвать аварийное завершение работы приложения или раскрыть защищаемую информацию

EPSS

Процентиль: 70%

0.00647

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-754