CVE-2022-40149 @ Maven-org.codehaus.jettison:jettison-1.2

**Vulnerable Package** issue exists @ **Maven\-org.codehaus.jettison:jettison\-1.2** in branch **master**

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This issue affects versions prior to 1.5.1.

**Namespace:** cyates-checkmarx
**Repository:** JVL
**Repository Url:** https://github.com/cyates-checkmarx/JVL
**CxAST\-Project:** cyates-checkmarx/JVL
**CxAST platform scan:** [7b012027\-b586\-4987\-b934\-7a017732de85](https://deu.ast.checkmarx.net/projects/4146861d-e509-4b58-9609-77f68fb1a24d/scans?id=7b012027-b586-4987-b934-7a017732de85&branch=master)
**Branch:** master
**Application:** JVL
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-787


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 1.5.4


----
**References**
[Advisory](https://github.com/advisories/GHSA-56h3-78gp-v83r)
[Commit](https://github.com/jettison-json/jettison/commit/395f8625bcf688743872c8e7f59360d372e77811)
[Issue](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538)
[Pull request](https://github.com/jettison-json/jettison/pull/48)
[Issue](https://github.com/jettison-json/jettison/issues/47)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-40149 @ Maven-org.codehaus.jettison:jettison-1.2 #63

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development