RHSA-2023:3362: Red Hat Security Advisory: OpenShift Container Platform 4.10.61 packages and security update

Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1370: A flaw was found in the json-smart package. This security flaw occurs when reaching a '[' or '{' character in the JSON input, and the code parses an array or an object, respectively. The third-party package (3PP) does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
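The mechanism behind CVE-2023-1370, and the shape of the fix, as an added example that is not json-smart's code: a minimal recursive-descent parser in which every '[' or '{' recurses, with a configurable nesting cap that turns an uncontrolled stack overflow into a clean rejection. The cap value of 400 and all function names are this example's own assumptions, not values from the advisory.

```python
"""Depth-limited recursive JSON parsing, modelled on the CVE-2023-1370 fix.
Added example, not json-smart's code: every '[' or '{' recurses, so call depth
is whatever the input's author chooses unless the parser caps it. The 400 cap
is an assumed illustrative default, not a value taken from the advisory."""
import json

_SCALAR = json.JSONDecoder()  # strings, numbers, true/false/null; never recurses

class NestingTooDeep(ValueError):
    """Controlled rejection, raised instead of exhausting the stack."""

def _skip_ws(text, pos):
    while pos < len(text) and text[pos].isspace():
        pos += 1
    return pos

def parse_value(text, pos=0, depth=0, max_depth=400):
    """Parse one JSON value at text[pos] -> (value, end). max_depth=None is the
    vulnerable behaviour: only the interpreter's stack limits the recursion."""
    pos = _skip_ws(text, pos)
    if text[pos] in "[{":
        if max_depth is not None and depth >= max_depth:
            raise NestingTooDeep(f"nesting deeper than {max_depth} at offset {pos}")
        handler = parse_array if text[pos] == "[" else parse_object
        return handler(text, pos + 1, depth + 1, max_depth)
    return _SCALAR.raw_decode(text, pos)

def parse_array(text, pos, depth, max_depth):
    items, pos = [], _skip_ws(text, pos)
    if text[pos] == "]":
        return items, pos + 1
    while True:
        value, pos = parse_value(text, pos, depth, max_depth)
        items.append(value)
        pos = _skip_ws(text, pos)
        if text[pos] == "]":
            return items, pos + 1
        if text[pos] != ",":
            raise ValueError(f"expected ',' or ']' at offset {pos}")
        pos += 1

def parse_object(text, pos, depth, max_depth):
    obj, pos = {}, _skip_ws(text, pos)
    if text[pos] == "}":
        return obj, pos + 1
    while True:
        if text[pos] != '"':  # keys are strings; never hand a '[' to raw_decode
            raise ValueError(f"expected a string key at offset {pos}")
        key, pos = _SCALAR.raw_decode(text, pos)
        pos = _skip_ws(text, pos)
        if text[pos] != ":":
            raise ValueError(f"expected ':' at offset {pos}")
        obj[key], pos = parse_value(text, pos + 1, depth, max_depth)
        pos = _skip_ws(text, pos)
        if text[pos] == "}":
            return obj, pos + 1
        if text[pos] != ",":
            raise ValueError(f"expected ',' or '}}' at offset {pos}")
        pos = _skip_ws(text, pos + 1)

def outcome(text, max_depth=400):
    """'ok', 'rejected' (clean NestingTooDeep) or 'crashed' (RecursionError here;
    the JVM case in the advisory ends in StackOverflowError instead)."""
    try:
        parse_value(text, 0, 0, max_depth)
        return "ok"
    except NestingTooDeep:
        return "rejected"
    except RecursionError:
        return "crashed"
```

Feeding a few kilobytes of repeated '[' to `outcome(..., max_depth=None)` reproduces the crash class the advisory describes, while the default cap rejects the same input before any stack pressure builds.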
Issued: 2023-06-07

Updated: 2023-06-07

RHSA-2023:3362 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.10.61 packages and security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Container Platform release 4.10.61 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.61. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3363

Security Fix(es):

  • json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html.

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://access.redhat.com/articles/11258

Red Hat OpenShift Container Platform 4.10 for RHEL 8

SRPM

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.src.rpm

SHA-256: 0a9e7371b1963ffa2f857e4217650e0b4921f9b03326c608ebef1abc59c0b584

jenkins-2-plugins-4.10.1684982411-1.el8.src.rpm

SHA-256: 85f40c5f19896ee02735f95b2d92a9a5b27c539aaf706590c0d9492bca55788e

python-sushy-4.1.6-0.20230517173625.5490eb6.el8.src.rpm

SHA-256: 848a3fa001498aa50483ade0bb14cfc034ee29181bd8383083363ae6b4fcbf1b

x86_64

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.x86_64.rpm

SHA-256: fc6f3e239a9b9d75d03f88a5311ee2e6cf78f7e68692245c9decb1edcca85d87

cri-o-debuginfo-1.23.5-15.rhaos4.10.git0bbb0d9.el8.x86_64.rpm

SHA-256: 371895a312b1e79de966a098e9edf70afbd3bfe0a3ed6bd336b91829aad78bca

cri-o-debugsource-1.23.5-15.rhaos4.10.git0bbb0d9.el8.x86_64.rpm

SHA-256: d45330d01ed01d62ce5d517f7cfe4cb31bf3866c35848a9b9a43fca9a328b49a

jenkins-2-plugins-4.10.1684982411-1.el8.noarch.rpm

SHA-256: 7db9937d755e4139e9726d81014109a093a33fbdc57f09f9fdf8db011ce54c0d

python3-sushy-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 9c86e8aa5e287332b0aa8a516f0d642838ae1b21c9e1b69e4779ee82ed57f539

python3-sushy-tests-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 41cf92f300179c9fa6697639978cc7fc4b68330d8fb811531bb3fb68ac281c53

Red Hat OpenShift Container Platform 4.10 for RHEL 7

SRPM

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el7.src.rpm

SHA-256: 1bbdc4c12e1cf6403f2e5118ad21a4487ac2682299558e165d05a249742aceeb

x86_64

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el7.x86_64.rpm

SHA-256: 74a394d24e96f2bc7d99e3c329044766e0509cec1b752a391be2f6f3b504cd01

cri-o-debuginfo-1.23.5-15.rhaos4.10.git0bbb0d9.el7.x86_64.rpm

SHA-256: 1bc2bc6d70a330f991cf1998248a00da4746ddf8641e2afec004370bfbb9683b

Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8

SRPM

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.src.rpm

SHA-256: 0a9e7371b1963ffa2f857e4217650e0b4921f9b03326c608ebef1abc59c0b584

jenkins-2-plugins-4.10.1684982411-1.el8.src.rpm

SHA-256: 85f40c5f19896ee02735f95b2d92a9a5b27c539aaf706590c0d9492bca55788e

python-sushy-4.1.6-0.20230517173625.5490eb6.el8.src.rpm

SHA-256: 848a3fa001498aa50483ade0bb14cfc034ee29181bd8383083363ae6b4fcbf1b

ppc64le

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.ppc64le.rpm

SHA-256: a5ca804caeceb66fffb9b3ff6efe9fa6e0a291aa53bf9b22251e69454506b099

cri-o-debuginfo-1.23.5-15.rhaos4.10.git0bbb0d9.el8.ppc64le.rpm

SHA-256: 95ef92e91e7dc6dbac55438d1fdde6902c39d4a694080321eaf31c3c0e0aaeb7

cri-o-debugsource-1.23.5-15.rhaos4.10.git0bbb0d9.el8.ppc64le.rpm

SHA-256: e18a027d4006c940c7b2f77f9f3118a227965bfc633e3813f1dafdcccac3e5a8

jenkins-2-plugins-4.10.1684982411-1.el8.noarch.rpm

SHA-256: 7db9937d755e4139e9726d81014109a093a33fbdc57f09f9fdf8db011ce54c0d

python3-sushy-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 9c86e8aa5e287332b0aa8a516f0d642838ae1b21c9e1b69e4779ee82ed57f539

python3-sushy-tests-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 41cf92f300179c9fa6697639978cc7fc4b68330d8fb811531bb3fb68ac281c53

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8

SRPM

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.src.rpm

SHA-256: 0a9e7371b1963ffa2f857e4217650e0b4921f9b03326c608ebef1abc59c0b584

jenkins-2-plugins-4.10.1684982411-1.el8.src.rpm

SHA-256: 85f40c5f19896ee02735f95b2d92a9a5b27c539aaf706590c0d9492bca55788e

python-sushy-4.1.6-0.20230517173625.5490eb6.el8.src.rpm

SHA-256: 848a3fa001498aa50483ade0bb14cfc034ee29181bd8383083363ae6b4fcbf1b

s390x

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.s390x.rpm

SHA-256: afdd5e0f7cd62131f450f8892af42dd288d7aa00d71ce120c019a3400c8ecb92

cri-o-debuginfo-1.23.5-15.rhaos4.10.git0bbb0d9.el8.s390x.rpm

SHA-256: e1d9461e2c6faf60dab926fa1e639461a8fe18a00921a5526e30a756c2593736

cri-o-debugsource-1.23.5-15.rhaos4.10.git0bbb0d9.el8.s390x.rpm

SHA-256: 685802af5fb2b0eb4c70ee951e843bbc36ce01354645e0b864f3fc68f7a7f33c

jenkins-2-plugins-4.10.1684982411-1.el8.noarch.rpm

SHA-256: 7db9937d755e4139e9726d81014109a093a33fbdc57f09f9fdf8db011ce54c0d

python3-sushy-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 9c86e8aa5e287332b0aa8a516f0d642838ae1b21c9e1b69e4779ee82ed57f539

python3-sushy-tests-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 41cf92f300179c9fa6697639978cc7fc4b68330d8fb811531bb3fb68ac281c53

Red Hat OpenShift Container Platform for ARM 64 4.10

SRPM

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.src.rpm

SHA-256: 0a9e7371b1963ffa2f857e4217650e0b4921f9b03326c608ebef1abc59c0b584

jenkins-2-plugins-4.10.1684982411-1.el8.src.rpm

SHA-256: 85f40c5f19896ee02735f95b2d92a9a5b27c539aaf706590c0d9492bca55788e

python-sushy-4.1.6-0.20230517173625.5490eb6.el8.src.rpm

SHA-256: 848a3fa001498aa50483ade0bb14cfc034ee29181bd8383083363ae6b4fcbf1b

aarch64

cri-o-1.23.5-15.rhaos4.10.git0bbb0d9.el8.aarch64.rpm

SHA-256: 912c8203b0f394fab9a620711f3a55cfcead7ec2b73b56cdfcea9eb7039766fb

cri-o-debuginfo-1.23.5-15.rhaos4.10.git0bbb0d9.el8.aarch64.rpm

SHA-256: 3688cd74b41ef3f2185cd50dfcbdd4f85db700b82ec22898538a4f73154251a0

cri-o-debugsource-1.23.5-15.rhaos4.10.git0bbb0d9.el8.aarch64.rpm

SHA-256: 1e703b43a0701e687d59d853e964da31ab45c14d70c42a5de88481c4cb185bcf

jenkins-2-plugins-4.10.1684982411-1.el8.noarch.rpm

SHA-256: 7db9937d755e4139e9726d81014109a093a33fbdc57f09f9fdf8db011ce54c0d

python3-sushy-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 9c86e8aa5e287332b0aa8a516f0d642838ae1b21c9e1b69e4779ee82ed57f539

python3-sushy-tests-4.1.6-0.20230517173625.5490eb6.el8.noarch.rpm

SHA-256: 41cf92f300179c9fa6697639978cc7fc4b68330d8fb811531bb3fb68ac281c53
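A check worth running before installing any of the packages listed above, as an added example that is not Red Hat tooling: parse the advisory's filename / "SHA-256:" layout and compare each listed digest with the digest of the bytes you actually downloaded. The sample files and their manifest are constructed for the demo; `parse_manifest`, `verify` and `demo` are this example's own names.

```python
"""Check downloaded RPMs against the SHA-256 digests an RHSA lists.
Added example, not Red Hat tooling. It parses the advisory's own layout
(a filename line, then a "SHA-256: <hex>" line) and compares each digest
with the digest of the bytes actually on disk. The sample files and their
manifest below are constructed for the demo, not the advisory's packages."""
import hashlib
import re

# Filename line followed (after optional blank lines) by its SHA-256 line.
_ENTRY = re.compile(
    r"^(?P<name>\S+\.rpm)[ \t]*\n\s*SHA-256:[ \t]*(?P<hex>[0-9a-fA-F]{64})[ \t]*$",
    re.MULTILINE,
)

def parse_manifest(text):
    """Map each listed RPM filename to its expected SHA-256 hex digest."""
    return {m.group("name"): m.group("hex").lower() for m in _ENTRY.finditer(text)}

def verify(manifest_text, downloaded):
    """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for every manifest entry.

    `downloaded` maps filename -> bytes read from disk. A MISMATCH means the
    bytes you hold are not the bytes the advisory published: do not install,
    re-download from the Customer Portal and check again. The digest ties the
    file to this listing; `rpm -K <file>` additionally checks Red Hat's GPG
    signature, so run both before installing.
    """
    report = {}
    for name, expected in parse_manifest(manifest_text).items():
        data = downloaded.get(name)
        if data is None:
            report[name] = "missing"
        else:
            actual = hashlib.sha256(data).hexdigest()
            report[name] = "ok" if actual == expected else "MISMATCH"
    return report

# Constructed demo data: one intact file, one altered after the listing was
# published, one not downloaded at all.
_PUBLISHED = {
    "demo-good-1.0-1.el8.x86_64.rpm": b"constructed package bytes (intact)",
    "demo-tampered-1.0-1.el8.x86_64.rpm": b"constructed package bytes (original)",
    "demo-absent-1.0-1.el8.x86_64.rpm": b"constructed package bytes (never fetched)",
}
DEMO_MANIFEST = "\n\n".join(
    f"{name}\n\nSHA-256: {hashlib.sha256(data).hexdigest()}"
    for name, data in _PUBLISHED.items()
)
DEMO_DOWNLOADED = {
    "demo-good-1.0-1.el8.x86_64.rpm": _PUBLISHED["demo-good-1.0-1.el8.x86_64.rpm"],
    "demo-tampered-1.0-1.el8.x86_64.rpm": b"constructed package bytes (altered)",
}

def demo():
    """Run the check over the constructed data."""
    return verify(DEMO_MANIFEST, DEMO_DOWNLOADED)
```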

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
