Description
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Remediation
References
https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
Related Vulnerabilities
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-beam-sql
CVE-2021-25931 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm
CVE-2022-2063 Vulnerability in npm package nocodb
CVE-2023-4316 Vulnerability in maven package org.webjars.npm:zod