From 2bbde3e9fb7ad72522dedfe57df87f02f234eba2 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Wed, 12 Mar 2025 14:30:01 +0000
Subject: [PATCH] Publish GHSA-pq2g-wx69-c263
---
.../2025/02/GHSA-pq2g-wx69-c263/GHSA-pq2g-wx69-c263.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/advisories/github-reviewed/2025/02/GHSA-pq2g-wx69-c263/GHSA-pq2g-wx69-c263.json b/advisories/github-reviewed/2025/02/GHSA-pq2g-wx69-c263/GHSA-pq2g-wx69-c263.json
index daebfce55b1..85a31187be3 100644
--- a/advisories/github-reviewed/2025/02/GHSA-pq2g-wx69-c263/GHSA-pq2g-wx69-c263.json
+++ b/advisories/github-reviewed/2025/02/GHSA-pq2g-wx69-c263/GHSA-pq2g-wx69-c263.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pq2g-wx69-c263",
- "modified": "2025-02-12T15:39:26Z",
+ "modified": "2025-03-12T14:28:04Z",
 "published": "2025-02-06T06:31:26Z",
 "aliases": [
 "CVE-2024-57699"
 ],
 "summary": "Netplex Json-smart Uncontrolled Recursion vulnerability",
- "details": "A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.",
+ "details": "A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.\n\nThe fixed version only addresses the default modes provided by [JSONParser](https://github.com/netplex/json-smart-v2/blob/master/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java#L118), such as `MODE_RFC4627`. If you create the JSONParser manually or with custom options, make sure to set the `LIMIT_JSON_DEPTH` option.",
 "severity": [
 {
 "type": "CVSS_V3",
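Review bot: The link added to `details` targets `blob/master/.../JSONParser.java#L118`, a line anchor on a moving branch, so it will point at unrelated code once that file changes; pinning it to a commit permalink (`blob/<commit-sha>/...#L118`) keeps the reference to the default-mode definitions stable. The new paragraph is the part operators need most, since applications that construct `JSONParser` with custom options remain exposed to the stack-exhaustion DoS after upgrading unless `LIMIT_JSON_DEPTH` is set, yet it does not say which release is "the fixed version"; naming it, or pointing to the advisory's `affected` ranges (outside this hunk), would make the caveat actionable. The carried-over first sentence still reads "can be trigger" and wraps `{` in typographic quotes; `can be triggered` and plain quotes would read more cleanly.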