High severity · OSV Advisory · Published Jan 3, 2024 · Updated Nov 28, 2025
Improper Handling of Exceptional Conditions in Newtonsoft.Json
CVE-2024-21907
Description
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Newtonsoft.Json (NuGet) | < 13.0.1 | 13.0.1 |
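To check a project against the affected range in the table above, the following added example (not part of the advisory or of the Newtonsoft.Json project) reads direct Newtonsoft.Json references from .csproj or packages.config content and compares them with 13.0.1. The helper names and sample inputs are constructed for illustration, and treating a 13.0.1 prerelease as below 13.0.1 is an assumption based on NuGet version ordering.

```python
import re
import xml.etree.ElementTree as ET

PATCHED = (13, 0, 1, 0)  # 13.0.1, the patched version in the advisory table

def parse_version(text):
    """Return (numbers, is_prerelease), or None for ranges and floating versions."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(-[0-9A-Za-z.-]+)?(\+.*)?", text.strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (4 - len(nums)), m.group(2) is not None

def is_affected(version_text):
    """True if below 13.0.1, False if patched, None if not a single pinned version."""
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    nums, prerelease = parsed
    # Assumption: NuGet ordering, where 13.0.1-beta sorts before 13.0.1.
    return nums < PATCHED or (nums == PATCHED and prerelease)

def find_references(xml_text):
    """Yield Newtonsoft.Json version strings from .csproj or packages.config XML."""
    local = lambda el: el.tag.split("}")[-1]  # ignore XML namespaces
    for el in ET.fromstring(xml_text).iter():
        if local(el) == "PackageReference":
            name = el.get("Include") or el.get("Update")
            child = next((c.text for c in el if local(c) == "Version"), None)
            version = el.get("Version") or child
        elif local(el) == "package":
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if name and name.lower() == "newtonsoft.json":
            yield version or ""  # empty when the version is managed centrally

def scan(xml_text):
    return [(v, is_affected(v)) for v in find_references(xml_text)]

# Constructed sample inputs (not taken from any real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
  <PackageReference Include="Serilog" Version="3.1.1" />
</ItemGroup></Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Newtonsoft.Json" version="13.0.1" targetFramework="net48" />
</packages>"""
```

A result of None means the reference is a range, a floating version, or has no version in the file and must be resolved another way. Transitive references are not visible in these files and are not covered by this check.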
Affected products
- Range: 1.3.1, 10.0.1, 10.0.2, …
References
- github.com/advisories/GHSA-5crp-9r3c-p9vr (ghsa, third-party-advisory, ADVISORY)
- vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr (mitre, third-party-advisory)
- alephsecurity.com/2018/10/22/StackOverflowException (ghsa, WEB)
- alephsecurity.com/2018/10/22/StackOverflowException/ (mitre, related)
- alephsecurity.com/vulns/aleph-2018004 (ghsa, related, WEB)
- github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66 (ghsa, related, WEB)
- github.com/JamesNK/Newtonsoft.Json/issues/2457 (ghsa, issue-tracking, WEB)
- github.com/JamesNK/Newtonsoft.Json/pull/2462 (ghsa, related, WEB)
- security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 (ghsa, related, WEB)