Home > Vulnerability Database > WS-2017-3805

Mend.io Vulnerability Database

WS-2017-3805

Good to know:

Date: October 30, 2017

Affected versions of JSON In Java are vulnerable to Denial of Service (DoS) when trying to initialize a JSONArray object and the input is [. This will cause the jvm to crash with StackOverflowError due to non-cyclical stack overflow.

Language: Java

Severity Score

7.5

Related Resources (2)

Url: https://github.com/stleary/JSON-java/commit/ed8745cd634f3276b7f7bef4bf0f49987c83256d

Url: https://www.mend.io/vulnerability-database/WS-2017-3805

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version gomoob/php-embedded-mongo - no_fix;fgbio - 0.2.0;fgbio - 0.4.0;ddkits/cli - dev-produc;ddkits/cli - v1.21.x-dev;ddkits/cli - dev-beta2;ddkits/cli - 4.20;ddkits/cli - v143.x-dev;DeepMeta.DeepTools.MPQ - no_fix;scribe/closurecompiler-library - no_fix;cromwell - 0.32;fiji - 20231211;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:1.2.0.redhat-133;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.fabric8.support:support-webapp:no_fix;io.hawt:hawtio-default:2.0.2;io.hawt:hawtio-default:2.0.2;io.hawt:hawtio-default:2.0.2;io.hawt:hawtio-default:2.0.2;io.hawt:hawtio-default:2.0.2;org.apache.karaf.webconsole:org.apache.karaf.webconsole.gogo:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.gogo:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.gogo:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.gogo:2.3.1;io.hawt:hawtio-war:2.0.1;io.hawt:hawtio-war:2.0.1;io.hawt:hawtio-war:2.0.1;io.hawt:hawtio-war:2.0.1;io.hawt:hawtio-war:2.0.1;io.hawt:hawtio-base:2.0.2;io.hawt:hawtio-base:2.0.2;io.hawt:hawtio-base:2.0.2;io.hawt:hawtio-base:2.0.2;io.hawt:hawtio-base:2.0.2;io.hawt:hawtio-base:2.0.2;org.apache.karaf.webconsole:org.apache.karaf.webconsole.features:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.features:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.features:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.admin:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.admin:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.admin:2.3.1;org.kie:kie-server-spring-boot-kafka-sample:7.68.0.Final;org.kie:kie-server-spring-boot-kafka-sample:7.60.0.Final;org.kie:kie-server-spring-boot-kafka-sample:7.68.0.Final;org.modeshape:modeshape-web-explorer-war:no_fix;org.kie:keycloak-kie-server-spring-boot-sample:7.68.0.Final;org.kie:keycloak-kie-server-spring-boot-sample:7.60.0.Final;org.kie:keycloak-kie-server-spring-boot-sample:7.68.0.Final;org.apache.activemq:artemis-console:2.34.0;org.apache.activemq:artemis-console:2.17.0;org.apache.activemq:artemis-console:2.19.0;org.apache.activemq:artemis-console:2.29.0;org.apache.activemq:artemis-console:2.22.0;org.kie:kie-server-spring-boot-sample:7.68.0.Final;org.kie:kie-server-spring-boot-sample:7.68.0.Final;io.hawt:hawtio-wildfly:2.0.2;io.hawt:hawtio-wildfly:2.0.2;io.hawt:hawtio-wildfly:2.0.2;io.hawt:hawtio-wildfly:2.0.2;io.hawt:hawtio-wildfly:2.0.2;io.hawt:hawtio-wildfly:2.0.2;org.jboss.rh-messaging.amq:amq-broker-hawtio:no_fix;io.hawt:hawtio-osgi:2.11.0;io.hawt:hawtio-osgi:2.11.0;io.hawt:hawtio-osgi:2.11.0;io.hawt:hawtio-osgi:2.11.0;org.kie:kie-server-spring-boot-integ-tests-sample:7.68.0.Final;org.kie:kie-server-spring-boot-integ-tests-sample:7.68.0.Final;org.json:json:20180130;org.json:json:20180130;org.apache.karaf.webconsole:org.apache.karaf.webconsole.console:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.console:2.3.1;org.apache.karaf.webconsole:org.apache.karaf.webconsole.console:2.3.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2017-3805

Good to know:

Date: October 30, 2017

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?