Vulnerabilities disclosed in json-20090211.jar

Issue date: 18-07-2023
Affects versions: 15.2, 15.1, 14.7, 13.4

Security Issue ID

SECURITY-424

Affected Product Version(s)

15.2.1, 14.7.13, 13.4.22 and previous releases.

Severity

High

Description

CVE-2022-45688 suppress

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, 15.2.3,14.7.14,13.4.23.

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Deploy in BloomReach Cloud

Use Blue-Green Deployment in BloomReach Cloud

Understand

Implement

Extend

Integrate

Run

Upgrade

Develop

Use

Bloomreach Documentation version

Vulnerabilities disclosed in json-20090211.jar