High severityNVD Advisory· Published Oct 31, 2018· Updated Aug 5, 2024
CVE-2018-18854
CVE-2018-18854
Description
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.spray:spray-json_2.12Maven | < 1.3.5 | 1.3.5 |
io.spray:spray-json_2.11Maven | < 1.3.5 | 1.3.5 |
io.spray:spray-json_2.10Maven | < 1.3.5 | 1.3.5 |
Affected products
3- ghsa-coords3 versionspkg:maven/io.spray/spray-json_2.10pkg:maven/io.spray/spray-json_2.11pkg:maven/io.spray/spray-json_2.12
< 1.3.5+ 2 more
- (no CPE)range: < 1.3.5
- (no CPE)range: < 1.3.5
- (no CPE)range: < 1.3.5
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-q8xj-8xg3-w432ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-18854ghsaADVISORY
- github.com/spray/spray-json/issues/277ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.