CVE-2023-1436 @ Maven-org.codehaus.jettison:jettison-1.2 #5

cyates-checkmarx · 2023-06-23T17:33:03Z

Vulnerable Package issue exists @ Maven-org.codehaus.jettison:jettison-1.2 in branch master

An infinite recursion is triggered in Jettison prior to 1.5.4 when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

Namespace: cyates-checkmarx
Repository: JVL
Repository Url: https://github.com/cyates-checkmarx/JVL
CxAST-Project: cyates-checkmarx/JVL
CxAST platform scan: 7b012027-b586-4987-b934-7a017732de85
Branch: master
Application: JVL
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-674

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 1.5.4

References
Advisory
Pull request
Issue
Commit
Disclosure

cyates-checkmarx mentioned this issue Dec 11, 2023

SQL_Injection @ /src/main/java/org/cysecurity/cspf/jvl/controller/Register.java #39

Open

cyates-checkmarx closed this as completed Dec 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-1436 @ Maven-org.codehaus.jettison:jettison-1.2 #5

CVE-2023-1436 @ Maven-org.codehaus.jettison:jettison-1.2 #5

cyates-checkmarx commented Jun 23, 2023

CVE-2023-1436 @ Maven-org.codehaus.jettison:jettison-1.2 #5

CVE-2023-1436 @ Maven-org.codehaus.jettison:jettison-1.2 #5

Comments

cyates-checkmarx commented Jun 23, 2023