-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Checkmarx][OSA] Cxdb5a1032-eda2 - Score 7.5 - org.json:json:20170516 #190
Comments
** Library Details ** ** Library Severity Details ** ** CVE Details ** ** Recommendations ** |
Library Details Library Severity Details CVE Details Recommendations |
8 similar comments
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Library Details Library Severity Details CVE Details Recommendations |
Vulnerability does not exist anymore |
1 similar comment
Vulnerability does not exist anymore |
** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package
JSON-java
is vulnerable to Denial Of Service. The functionnextMeta
in the fileXMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() functionreturns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
The text was updated successfully, but these errors were encountered: