VYPR
Moderate severity · NVD Advisory · Published Jan 5, 2022 · Updated Apr 22, 2025

Hash collision in typelevel jawn

CVE-2022-21653

Description

Jawn is an open source JSON parser. Extenders of org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext() are vulnerable to a hash collision attack, which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. jawn-parser-1.3.1 fixes this issue, and users are advised to upgrade. Users unable to upgrade should override objectContext() to use a collision-safe collection.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package (ecosystem) | Affected versions | Patched versions |
|---|---|---|
| org.typelevel:jawn-parser_0.25 (Maven) | >= 0 | |
| org.typelevel:jawn-parserg (Maven) | >= 0 | |
| org.typelevel:jawn-parser_0.27 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_2.10 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_2.11 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_2.12 (Maven) | < 1.3.2 | 1.3.2 |
| org.typelevel:jawn-parser_2.13 (Maven) | < 1.3.2 | 1.3.2 |
| org.typelevel:jawn-parser_2.13.0-M5 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_2.13.0-RC1 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_2.13.0-RC2 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_2.13.0-RC3 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_3 (Maven) | < 1.3.2 | 1.3.2 |
| org.typelevel:jawn-parser_3.0.0-M1 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_3.0.0-M2 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_3.0.0-M3 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_3.0.0-RC1 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_3.0.0-RC2 (Maven) | >= 0 | |
| org.typelevel:jawn-parser_3.0.0-RC3 (Maven) | >= 0 | |
