cn.hutool:hutool-json@5.3.5 vulnerabilities

  • latest version

    5.8.34

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    19 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the cn.hutool:hutool-json package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Buffer Overflow

    Affected versions of this package are vulnerable to Buffer Overflow in the jsonObject.putByPath() function. An attacker can cause a crash by sending a specially crafted JSON object to trigger an OutOfMemoryError.

    How to fix Buffer Overflow?

    Upgrade cn.hutool:hutool-json to version 5.8.22 or higher.

    [0,5.8.22)
    • H
    Buffer Overflow

    Affected versions of this package are vulnerable to Buffer Overflow via the JSONUtil.parse() function. An attacker can cause a heap buffer overflow by sending a specially crafted JSON string. This can lead to unexpected behavior or application crashes.

    How to fix Buffer Overflow?

    Upgrade cn.hutool:hutool-json to version 5.8.22 or higher.

    [0,5.8.22)
    • H
    Buffer Overflow

    Affected versions of this package are vulnerable to Buffer Overflow in the jsonArray.add() function. An attacker can cause a crash by sending a specially crafted JSON object to trigger an OutOfMemoryError.

    How to fix Buffer Overflow?

    Upgrade cn.hutool:hutool-json to version 5.8.22 or higher.

    [0,5.8.22)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to an out-of-memory error.

    How to fix Denial of Service (DoS)?

    Upgrade cn.hutool:hutool-json to version 5.8.11 or higher.

    [0,5.8.11)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the XML.toJSONObject component via crafted JSON or XML data.

    How to fix Denial of Service (DoS)?

    Upgrade cn.hutool:hutool-json to version 5.8.25 or higher.

    [,5.8.25)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the org.json.JSONTokener.nextValue::JSONTokener.java via a crafted JSON or XML data.

    How to fix Denial of Service (DoS)?

    Upgrade cn.hutool:hutool-json to version 5.8.11 or higher.

    [0,5.8.11)