[CASSANDRA-18643] jackson-core vulnerability: CVE-2022-45688 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.11.16, 4.0.11, 4.1.3, 5.0-alpha1, 5.0
Component/s: Dependencies
Labels:
None

Bug Category:
Security - Denial of Service
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

NA
Source Control Link:

https://github.com/apache/cassandra/commit/d302b837b2b9a6854a98f83ecf687b08a58562fc
Test and Documentation Plan:

Hide

run CI

Show
run CI

Description

This is failing owasp.

https://nvd.nist.gov/vuln/detail/CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

Attachments

Activity

People

Assignee:: Brandon Williams

Reporter:: Brandon Williams

Authors:: Brandon Williams

Reviewers:: Berenguer Blasi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Jun/23 11:53

Updated:: 12/Sep/23 13:02

Resolved:: 06/Jul/23 14:54