Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-1436

Опубликовано: 22 мар. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
A-MQ Clients 2jettisonNot affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch6-rhel8Affected
Red Hat Data Grid 8jettisonNot affected
Red Hat Decision Manager 7jettisonOut of support scope
Red Hat Enterprise Linux 7jettisonOut of support scope
Red Hat Enterprise Linux 8log4j:2/log4jWill not fix
Red Hat Enterprise Linux 9log4jWill not fix
Red Hat Fuse 7jettisonOut of support scope
Red Hat Integration Camel K 1jettisonAffected
Red Hat JBoss Data Grid 7jettisonOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=2182788jettison: Uncontrolled Recursion in JSONArray

EPSS

Процентиль: 6%
0.00026
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-1436

CVSS3: 5.9
ubuntu
почти 3 года назад

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

nvd логотип

CVE-2023-1436

CVSS3: 5.9
nvd
почти 3 года назад

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

debian логотип

CVE-2023-1436

CVSS3: 5.9
debian
почти 3 года назад

An infinite recursion is triggered in Jettison when constructing a JSO ...

suse-cvrf логотип

SUSE-SU-2023:1948-1

suse-cvrf
почти 3 года назад

Security update for jettison

github логотип

GHSA-q6g2-g7f3-rr83

CVSS3: 7.5
github
почти 3 года назад

Jettison vulnerable to infinite recursion

EPSS

Процентиль: 6%
0.00026
Низкий

7.5 High

CVSS3