CVE-2021-23900

HIGH7.5EPSS 0.41%

Uncaught Exception leading to Denial of Service in json-sanitizer

Published: 5/13/2021Modified: 11/8/2023

Description

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Affected packages (1)

Maven/com.mikesamuel:json-sanitizerfrom 0, < 1.2.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23900
WEBhttps://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e
WEBhttps://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2
WEBhttps://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0