"Resiliency Studio" is a self-service Resilience Validation Platform, which helps to identify failure points within a system, aids to engineer applications to be fault-tolerant with self-healing capabilities
Other
0
stars
0
forks
source link
CVE-2021-27568 (High) detected in json-smart-2.2.1.jar - autoclosed #335
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
Path to dependency file: Resiliency-Studio/resiliency-studio-service/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar,/home/wss-scanner/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar,/home/wss-scanner/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
CVE-2021-27568 - High Severity Vulnerability
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
Library home page: http://www.minidev.net/
Path to dependency file: Resiliency-Studio/resiliency-studio-service/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar,/home/wss-scanner/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar,/home/wss-scanner/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar
Dependency Hierarchy: - spring-boot-starter-test-1.5.1.RELEASE.jar (Root Library) - json-path-2.2.0.jar - :x: **json-smart-2.2.1.jar** (Vulnerable Library)
Found in HEAD commit: 9809d9b7bfdc114eafb0a14d86667f3a76a014e8
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
Publish Date: 2021-02-23
URL: CVE-2021-27568
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/netplex/json-smart-v1/issues/7
Release Date: 2021-02-23
Fix Resolution: net.minidev:json-smart-mini:1.3.2;net.minidev:json-smart:1.3.2,2.3.1,2.4.2;net.minidev:json-smart-action:2.3.1,2.4.2