The package JSON-java before 20171018 is vulnerable to Denial Of Service attack. The function unescape() used in multiple java files, unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.
HIGH Vulnerable Package issue exists @ org.json:json in branch master
Description
The package
JSON-javabefore 20171018 is vulnerable to Denial Of Service attack. The functionunescape()used in multiple java files, unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.HIGH Vulnerable Package issue exists @ org.json:json in branch master
Vulnerability ID: Cx2906ba70-607a
Package Name: org.json:json
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2017-08-18T09:31:00
Current Package Version: 20090211
Remediation Upgrade Recommendation: 20200518
Link To SCA