GHSA-8rfx-6mr3-5jh3 – newtonsoft.json

Package

Manager: nuget
Name: newtonsoft.json
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json ### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references. ### Original Description Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Metadata

Created: 2024-01-03T18:30:51Z
Modified: 2024-09-06T21:37:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-8rfx-6mr3-5jh3/GHSA-8rfx-6mr3-5jh3.json
CWE IDs: ["CWE-755"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0