search

SamHeadrickCx / JavaVulnerableLab-1

lab
GNU General Public License v2.0
0 stars 0 forks source link

CX: Cx2906ba70-607a in Maven-org.json:json and 20131018 @ JavaVulnerableLab-1.refs/heads/master #6

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

Description

The package JSON-java before 20171018 is vulnerable to Denial Of Service attack. The function unescape() used in multiple java files, unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.

HIGH Vulnerable Package issue exists @ org.json:json in branch refs/heads/master

Vulnerability ID: Cx2906ba70-607a

Package Name: org.json:json

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2017-08-18T09:31:00

Current Package Version: 20131018

Remediation Upgrade Recommendation: 20231013

Link To SCA

Reference – NVD link

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 1 month ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.