CX: CVE-2022-45688 in Maven-org.json:json and 20131018 @ JavaVulnerableLab-1.refs/heads/master

github-actions[bot] commented 1 month ago

Description

A stack overflow in the "XML.toJSONObject" component of hutool-json allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. This vulnerability affects "org.json:json" package versions prior to 20230227, and "cn.hutool:hutool-json" package versions prior to 5.8.25.

HIGH Vulnerable Package issue exists @ org.json:json in branch refs/heads/master

Vulnerability ID: CVE-2022-45688

Package Name: org.json:json

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2022-12-13T15:15:00

Current Package Version: 20131018

Remediation Upgrade Recommendation: 20231013

Link To SCA

Reference – NVD link

github-actions[bot] commented 2 days ago

Issue still exists.

github-actions[bot] commented 2 days ago

Issue still exists.

SamHeadrickCx / JavaVulnerableLab-1

CX: CVE-2022-45688 in Maven-org.json:json and 20131018 @ JavaVulnerableLab-1.refs/heads/master #48