Description

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Remediation

References

https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

Related Vulnerabilities

CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

CVE-2017-16031 Vulnerability in npm package socket.io

CVE-2022-0272 Vulnerability in maven package io.gitlab.arturbosch.detekt:detekt-core

CVE-2022-25312 Vulnerability in maven package org.apache.any23:apache-any23

CVE-2022-31194 Vulnerability in maven package org.dspace:dspace-jspui

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory Patch NVD-CWE-noinfo