Description
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
Remediation
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
https://github.com/jettison-json/jettison/issues/45
https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
https://www.debian.org/security/2023/dsa-5312
Related Vulnerabilities
CVE-2020-6452 Vulnerability in npm package electron
CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver
CVE-2023-25813 Vulnerability in npm package sequelize
CVE-2022-25872 Vulnerability in npm package fast-string-search
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator