Medium severity5.3OSV Advisory· Published Oct 4, 2024· Updated Apr 15, 2026
CVE-2024-47855
CVE-2024-47855
Description
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.kordamp.json:json-lib-coreMaven | < 3.1.0 | 3.1.0 |
net.sf.json-lib:json-libMaven | <= 2.4 | — |
Affected products
11- osv-coords10 versionspkg:apk/chainguard/jenkins-2.479pkg:apk/chainguard/jenkins-2.479-compatpkg:apk/chainguard/jenkins-2.479-remotingpkg:apk/wolfi/jenkins-2.479pkg:apk/wolfi/jenkins-2.479-compatpkg:apk/wolfi/jenkins-2.479-remotingpkg:maven/net.sf.json-lib/json-libpkg:maven/org.kordamp.json/json-lib-corepkg:rpm/opensuse/json-lib&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/json-lib&distro=openSUSE%20Leap%2015.6
< 2.479.2-r0+ 9 more
- (no CPE)range: < 2.479.2-r0
- (no CPE)range: < 2.479.2-r0
- (no CPE)range: < 2.479.2-r0
- (no CPE)range: < 2.479.2-r0
- (no CPE)range: < 2.479.2-r0
- (no CPE)range: < 2.479.2-r0
- (no CPE)range: <= 2.4
- (no CPE)range: < 3.1.0
- (no CPE)range: < 2.4-150200.3.7.1
- (no CPE)range: < 2.4-150200.3.7.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-wwcp-26wc-3fxmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-47855ghsaADVISORY
- github.com/kordamp/json-lib/blob/35a1f2aa22bac260438c0cf2399549311b5a21aa/pom.xmlghsaWEB
- github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78envdWEB
- github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0nvdWEB
- sourceforge.net/projects/json-libghsaWEB
News mentions
1- Jenkins Security Advisory 2024-11-27Jenkins Security Advisories · Nov 27, 2024