Vulnerabilities disclosed in json-20090211.jar

Issue date: 18-07-2023
Affects versions: 15.2, 15.1, 14.7, 13.4

Security Issue ID

SECURITY-424

Affected Product Version(s)

15.2.1, 14.7.13, 13.4.22 and previous releases.

Severity

High

Description

CVE-2022-45688 suppress

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

CWE-787 Out-of-bounds Write

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

Instructions

Customers are recommended to upgrade to the latest version. As of the time of writing, 15.2.3,14.7.14,13.4.23.

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

Vulnerabilities disclosed in json-20090211.jar