Cx2906ba70-607a @ Maven-org.json:json-20090211

**Vulnerable Package** issue exists @ **Maven\-org\.json:json\-20090211** in branch **master**

The package `JSON-java` before 20171018 is vulnerable to Denial Of Service attack. The function `unescape()` used in multiple java files,  unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.

**Namespace:** TaynaCT
**Repository:** JavaVulnerableLab
**Repository Url:** https://github.com/TaynaCT/JavaVulnerableLab
**CxAST\-Project:** TaynaCT/JavaVulnerableLab
**CxAST platform scan:** [8306ce52\-f0ea\-4229\-8014\-fe5126ba5a64](https://eu.ast.checkmarx.net/projects/26ce21e6-14ed-4718-96d4-658078577e49/scans?id=8306ce52-f0ea-4229-8014-fe5126ba5a64&branch=master)
**Branch:** master
**Application:** JavaVulnerableLab
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-74


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH


----
**References**
[Issue](https://github.com/stleary/JSON-java/issues/361)
[Pull request](https://github.com/stleary/JSON-java/pull/362)
[Commit](https://github.com/stleary/JSON-java/commit/2565abdaaae445fd150f63c07acbffda72fbbd92)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cx2906ba70-607a @ Maven-org.json:json-20090211 #3

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cx2906ba70-607a @ Maven-org.json:json-20090211 #3

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions