Vulnerable Package issue exists @ Maven-org.json:json-20090211 in branch master
The package JSON-java before 20171018 is vulnerable to Denial Of Service attack. The function unescape() used in multiple java files, unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.
Namespace: srcdevel1
Repository: JavaVulnerableLabv1
Repository Url: https://github.com/srcdevel1/JavaVulnerableLabv1
CxAST-Project: srcdevel1/JavaVulnerableLabv1
CxAST platform scan: 19f0f9e7-df09-4044-8007-1bf4035f4eb9
Branch: master
Application: JavaVulnerableLabv1
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-74
Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
References
Issue
Pull request
Commit
Vulnerable Package issue exists @ Maven-org.json:json-20090211 in branch master
The package
JSON-javabefore 20171018 is vulnerable to Denial Of Service attack. The functionunescape()used in multiple java files, unescapes a given XML string twice, causing the application to crash, due to StringIndexOutOfBoundsException.Namespace: srcdevel1
Repository: JavaVulnerableLabv1
Repository Url: https://github.com/srcdevel1/JavaVulnerableLabv1
CxAST-Project: srcdevel1/JavaVulnerableLabv1
CxAST platform scan: 19f0f9e7-df09-4044-8007-1bf4035f4eb9
Branch: master
Application: JavaVulnerableLabv1
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-74
Addition Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
References
Issue
Pull request
Commit