OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
References
Link | Resource |
---|---|
https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e | Patch Third Party Advisory |
https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2 | Patch Third Party Advisory |
https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0 | Third Party Advisory |
Configurations
History
19 Jan 2021, 19:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:owasp:json-sanitizer:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0 - Third Party Advisory | |
References | (MISC) https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e - Patch, Third Party Advisory | |
CWE | NVD-CWE-noinfo |
13 Jan 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-13 16:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-23900
Mitre link : CVE-2021-23900
CVE.ORG link : CVE-2021-23900
JSON object : View
Products Affected
owasp
- json-sanitizer
CWE