hackage package
aeson
pkg:hackage/aeson
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3433 | — | >= 0.4.0.0, < 2.0.1.0 | 2.0.1.0 | Oct 10, 2022 | The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service. |
- CVE-2022-3433Oct 10, 2022affected >= 0.4.0.0, < 2.0.1.0fixed 2.0.1.0
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.