CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. A flaw was found in the org.json package.

References:
• http://www.openwall.com/lists/oss-security/2023/12/13/4
• https://github.com/stleary/JSON-java/issues/758
• https://github.com/stleary/JSON-java/issues/771
• https://security.netapp.com/advisory/ntap-20240621-0007
• https://access.redhat.com/security/cve/CVE-2023-5072
• https://bugzilla.redhat.com/show_bug.cgi?id=2246417

CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

References:
• https://github.com/dromara/hutool/issues/2748
• https://github.com/stleary/JSON-java/issues/708

CWE-787: Out-of-bounds Write