Описание
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Ссылки
- Exploit
- Exploit
- Patch
- ExploitIssue TrackingThird Party Advisory
- Patch
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Exploit
- Exploit
- Patch
- ExploitIssue TrackingThird Party Advisory
- Patch
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
VulnCheck: CVE-2024-21907 Improper Handling of Exceptional Conditions in Newtonsoft.Json
Improper Handling of Exceptional Conditions in Newtonsoft.Json
Уязвимость метода JsonConvert.DeserializeObject JSON-фреймворка для платформы .NET Json.NET, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3