Description
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | org.elasticsearch.plugin.prometheus-prometheus-exporter | Fix deferred | ||
| Red Hat Data Grid 8 | net.sf.json-lib/json-lib | Will not fix | ||
| Red Hat Fuse 7 | net.sf.json-lib/json-lib | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | net.sf.json-lib/json-lib | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | net.sf.json-lib/json-lib | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 8 | net.sf.json-lib/json-lib | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | net.sf.json-lib/json-lib | Not affected | ||
| Red Hat Single Sign-On 7 | net.sf.json-lib/json-lib | Fix deferred | ||
| streams for Apache Kafka | net.sf.json-lib/json-lib | Out of support scope | ||
| OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2025:2223 | 04.03.2025 |
Additional information
CVSS3: 5.3 Medium