Description
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Remediation
References
https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
Related Vulnerabilities
CVE-2022-48285 Vulnerability in maven package org.webjars.npm:github-com-stuk-jszip
CVE-2020-26291 Vulnerability in maven package org.webjars.npm:urijs
CVE-2012-4534 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2022-31198 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins