Cx2906ba70-607a @ Maven-org.json:json-20131018

**Vulnerable Package** issue exists @ **Maven\-org\.json:json\-20131018** in branch **master**

The package `JSON-java` before 20171018 is vulnerable to Denial Of Service attack. The function `unescape()` used in multiple java files,  unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.

**Namespace:** mridilla
**Repository:** JavaVulnerableLab
**Repository Url:** https://github.com/mridilla/JavaVulnerableLab
**CxAST\-Project:** mridilla/JavaVulnerableLab
**CxAST platform scan:** [e1fc43b6\-0e4d\-4a93\-8009\-8fe24d4a9091](https://ast.checkmarx.net/projects/188bd83b-3bc2-4f79-9ccc-90f764c20505/scans?id=e1fc43b6-0e4d-4a93-8009-8fe24d4a9091&branch=master)
**Branch:** master
**Application:** JavaVulnerableLab
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-74


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH


----
**References**
[Issue](https://github.com/stleary/JSON-java/issues/361)
[Pull request](https://github.com/stleary/JSON-java/pull/362)
[Commit](https://github.com/stleary/JSON-java/commit/2565abdaaae445fd150f63c07acbffda72fbbd92)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cx2906ba70-607a @ Maven-org.json:json-20131018 #78

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cx2906ba70-607a @ Maven-org.json:json-20131018 #78

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions