Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Checkmarx][OSA] Cxdb5a1032-eda2 - Score 7.5 - org.json:json:20170516 #190

Closed
miguelfreitas93 opened this issue Jun 16, 2020 · 12 comments
Closed

[Checkmarx][OSA] Cxdb5a1032-eda2 - Score 7.5 - org.json:json:20170516 #190

miguelfreitas93 opened this issue Jun 16, 2020 · 12 comments
Assignees
@miguelfreitas93
Labels
bug Something isn't working checkmarx High osa test Label for testing purposes To Verify

Comments

@miguelfreitas93
Copy link
Contributor

** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

** CVE Details **
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
@miguelfreitas93 miguelfreitas93 added bug Something isn't working checkmarx High osa test Label for testing purposes To Verify labels Jun 16, 2020
@miguelfreitas93 miguelfreitas93 self-assigned this Jun 16, 2020
@miguelfreitas93
Copy link
Contributor Author

** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

** CVE Details **
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

8 similar comments
@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java is vulnerable to Denial Of Service. The function nextMeta in the file XMLTokener.java runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Vulnerability does not exist anymore

1 similar comment
@miguelfreitas93
Copy link
Contributor Author

Vulnerability does not exist anymore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@miguelfreitas93 miguelfreitas93

Labels
bug Something isn't working checkmarx High osa test Label for testing purposes To Verify
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@miguelfreitas93