json-smart error-handling vulnerability

Issue date: 21-09-2021
Affects versions: 14.6, 13.4, 12.6

Security Issue ID

SECURITY-247

Affected Product Version(s)

12.6.16, 13.4.9, 14.6.0 and previous releases.

Severity

medium

Description

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

Instructions

Customers using the 12.x, 13.x and 14.x major versions are recommended to upgrade to the latest version in that series.

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Understand Hippo

Implement Hippo

Extend Hippo

Integrate Hippo

Run Hippo

Upgrade Hippo

Develop Hippo

Use Hippo

Report an Issue

Bloomreach Documentation version

json-smart error-handling vulnerability