Maven package
net.minidev/json-smart
pkg:maven/net.minidev/json-smart
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57699 | Hig | 7.5 | >= 2.5.0, < 2.5.2 | 2.5.2 | Feb 5, 2025 | A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of a | |
| CVE-2023-1370 | — | < 2.4.9 | 2.4.9 | Mar 13, 2023 | [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting o | ||
| CVE-2021-31684 | — | >= 1.3.0, < 1.3.3 | 1.3.3 | Jun 1, 2021 | A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. | ||
| CVE-2021-27568 | — | < 1.3.2 | 1.3.2 | Feb 23, 2021 | An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or ex |
- affected >= 2.5.0, < 2.5.2fixed 2.5.2
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of a
- CVE-2023-1370Mar 13, 2023affected < 2.4.9fixed 2.4.9
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting o
- CVE-2021-31684Jun 1, 2021affected >= 1.3.0, < 1.3.3fixed 1.3.3
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
- CVE-2021-27568Feb 23, 2021affected < 1.3.2fixed 1.3.2
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or ex