[MAVEN:GHSA-8RF5-92JH-3VC9] Uncaught Exception leading to Denial of Service in json-sanitizer

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Package	Affected Version
pkg:maven/com.mikesamuel/json-sanitizer	< 1.2.2

Package	Fixed Version
pkg:maven/com.mikesamuel/json-sanitizer	= 1.2.2

ID: MAVEN:GHSA-8RF5-92JH-3VC9
Severity: high
URL: https://github.com/advisories/GHSA-8rf5-92jh-3vc9
Published: 2021-05-13T22:31:32
(3 years ago)
Modified: 2023-02-01T05:05:15
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2021-23900
			https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
			https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
			https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0
			https://github.com/advisories/GHSA-8rf5-92jh-3vc9

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/com.mikesamuel/json-sanitizer	com.mikesamuel	json-sanitizer	< 1.2.2
Fixed	pkg:maven/com.mikesamuel/json-sanitizer	com.mikesamuel	json-sanitizer	= 1.2.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date