SamHeadrickCx / JavaVulnerableLab-1

lab
GNU General Public License v2.0

CX: Cx08fcacc9-cb99 in Maven-org.json:json and 20131018 @ JavaVulnerableLab-1.refs/heads/master #35

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Description

The package JSON-java before 20180130 is vulnerable to denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java doesn't check for an unclosed array while parsing, causing the application to crash due to a StackOverflowException. This affects the availability of the application.

HIGH Vulnerable Package issue exists @ org.json:json in branch refs/heads/master

Vulnerability ID: Cx08fcacc9-cb99

Package Name: org.json:json

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2017-10-30T11:27:00

Current Package Version: 20131018

Remediation Upgrade Recommendation: 20231013

Reference – NVD link

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 1 month ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.