Description

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Remediation

References

https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

Related Vulnerabilities

CVE-2022-48285 Vulnerability in maven package org.webjars.npm:github-com-stuk-jszip

CVE-2020-26291 Vulnerability in maven package org.webjars.npm:urijs

CVE-2012-4534 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2022-31198 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable

CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Third Party Advisory NVD-CWE-noinfo