CVE-2021-23900 com.mikesamuel:json-sanitizer

Package

Manager: maven
Name: com.mikesamuel:json-sanitizer
Vulnerable Version: >=0 <1.2.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00408 (percentile: 0.60392)

Details

Uncaught Exception leading to Denial of Service in json-sanitizer

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Metadata

Created: 2021-05-13T22:31:32Z
Modified: 2021-04-06T21:46:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-8rf5-92jh-3vc9/GHSA-8rf5-92jh-3vc9.json
CWE IDs: ["CWE-248"]
Alternative ID: GHSA-8rf5-92jh-3vc9
Finding: F140
Auto approve: 1