CVE-2023-34610

Опубликовано: 14 июн. 2023

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

A flaw was found in JSON-IO. This issue may allow a malicious user to use a specially crafted object using cyclic dependencies to cause a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Integration Camel K 1	org.apache.camel-camel	Fix deferred
Red Hat JBoss Data Grid 7	org.infinispan.hadoop-infinispan-hadoop-aggregator	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2215162json-io: cyclic dependencies in a crafted object could result in Dos

EPSS

Процентиль: 31%

0.00117

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-34610

CVSS3: 7.5

nvd

больше 2 лет назад

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

GHSA-779h-3r69-4f5p

CVSS3: 7.5

github

больше 2 лет назад

json-io vulnerable to stack exhaustion

EPSS

Процентиль: 31%

0.00117

Низкий

7.5 High

CVSS3