The package JSON-java before 20200518 is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
HIGH Vulnerable Package issue exists @ org.json:json in branch master
Vulnerability ID: Cxdb5a1032-eda2
Package Name: org.json:json
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2019-09-17T10:37:00
Current Package Version: 20090211
Remediation Upgrade Recommendation: 20200518
Link To SCA