VYPR

Maven package

org.apache.johnzon/johnzon-mapper

pkg:maven/org.apache.johnzon/johnzon-mapper

Vulnerabilities (1)

  • CVE-2023-33008Jul 7, 2023
    affected < 1.2.21fixed 1.2.21

    Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too la