[Checkmarx][OSA] Cxdb5a1032-eda2 - Score 7.5 - org.json:json:20170516
miguelfreitas93 opened this issue · comments
** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: Cxdb5a1032-eda2
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-17T10:37:00
CVE URL: stleary/JSON-java#484
CVE Description: The package JSON-java
is vulnerable to Denial Of Service. The function nextMeta
in the file XMLTokener.java
runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.
Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
Vulnerability does not exist anymore
Vulnerability does not exist anymore