logo

Database

Insecure deserialization In newtonsoft.json

Description

Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-5crp-9r3c-p9vr. This link is maintained to preserve external references.

Original Description

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. NVD-2024-219072. GHSA-5crp-9r3c-p9vr3. GCVE-GHSA-8rfx-6mr3-5jh3

References

1. https://github.com/JamesNK/Newtonsoft.Json/issues/24572. https://github.com/JamesNK/Newtonsoft.Json/pull/24623. https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b664. https://alephsecurity.com/2018/10/22/StackOverflowException5. https://alephsecurity.com/vulns/aleph-20180046. https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.