Details
- Improvement
- Status: Resolved
- Major
- Resolution: Fixed
Description
Upgrade jettison to 1.5.4 due to CVE-2023-1436
CVE-2023-1436: An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
CVSSv3 Score: 7.5 (High)
Affected Version: up to 1.5.4 (excluding)
https://nvd.nist.gov/vuln/detail/CVE-2023-1436
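
A pre-serialization guard for the self-reference condition described in CVE-2023-1436, as an added example that is not code from Jettison or from this project. `CycleGuard` and `hasCycle` are hypothetical names, and walking `Map` values as well as `Collection` elements is a conservative assumption; the upgrade to 1.5.4 remains the fix.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example: hypothetical helper, not part of Jettison or of this project.
public class CycleGuard {

    /** Returns true if a container reachable from value contains itself, directly or indirectly. */
    public static boolean hasCycle(Object value) {
        // Identity-based set: equals()/hashCode() on a self-referencing list would itself recurse.
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<>());
        return visit(value, onPath);
    }

    private static boolean visit(Object value, Set<Object> onPath) {
        Iterable<?> children;
        if (value instanceof Collection) {
            children = (Collection<?>) value;
        } else if (value instanceof Map) {
            children = ((Map<?, ?>) value).values(); // assumption: nested maps are walked too
        } else {
            return false; // scalars and other objects are treated as leaves
        }
        if (!onPath.add(value)) {
            return true; // this container is already on the current path
        }
        for (Object child : children) {
            if (visit(child, onPath)) {
                return true;
            }
        }
        onPath.remove(value); // a container shared by two siblings is not a cycle
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample input.
        List<Object> shared = new ArrayList<>(List.of(1, 2));
        List<Object> acyclic = new ArrayList<>(List.of(shared, shared));
        List<Object> selfRef = new ArrayList<>();
        selfRef.add("x");
        selfRef.add(selfRef); // element refers back to its own container

        System.out.println("acyclic: " + hasCycle(acyclic));
        System.out.println("selfRef: " + hasCycle(selfRef));
    }
}
```

A caller on an affected version can reject input for which `hasCycle` returns true before passing the collection to the JSONArray constructor.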