Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xqcq-j8w9-3pxv: Jettison parser crash by stackoverflow

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40149
https://github.com/jettison-json/jettison/issues/45
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538
https://github.com/jettison-json/jettison/pull/49/files
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1
https://lists.debian.org/debian-lts-announce/2022/11/msg00011.html
https://www.debian.org/security/2023/dsa-5312

1 year ago

#debian #dos #js #git #chrome

Jettison parser crash by stackoverflow

Moderate severity GitHub Reviewed Published Aug 1, 2023 in tencyle-fixes/jettison • Updated Aug 1, 2023

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

17 hours ago

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

17 hours ago

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

20 hours ago

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

22 hours ago

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

22 hours ago