json-smart error-handling vulnerability

Issue date: 21-09-2021
Affects versions: 14.6, 13.4, 12.6

Security Issue ID

SECURITY-247

Affected Product Version(s)

12.6.16, 13.4.9, 14.6.0 and previous releases.

Severity

medium

Description

CVE-2021-27568

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

Instructions

Customers using the 12.x, 13.x and 14.x major versions are recommended to upgrade to the latest version in that series.

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

json-smart error-handling vulnerability