net.minidev:json-smart@1.3.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the net.minidev:json-smart package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Denial of Service (DoS) net.minidev:json-smart is a Java JSON parser. Affected versions of this package are vulnerable to Denial of Service (DoS) due to a `StackOverflowError` when parsing a deeply nested JSON array or object. NOTE: Although this vulnerability was fixed in version 2.4.9 the maintainer recommends upgrading to 2.4.10, due to a remaining bug. How to fix Denial of Service (DoS)? Upgrade `net.minidev:json-smart` to version 2.4.9 or higher.	[,2.4.9)
M Denial of Service (DoS) net.minidev:json-smart is a Java JSON parser. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `indexOf` function of `JSONParserByteArray` which causes a denial of service (DOS) via a crafted web request. How to fix Denial of Service (DoS)? Upgrade `net.minidev:json-smart` to version 1.3.3, 2.4.5 or higher.	[0,1.3.3) [2.0.0,2.4.5)
M Denial of Service (DoS) net.minidev:json-smart is a Java JSON parser. Affected versions of this package are vulnerable to Denial of Service (DoS). An exception is thrown from a function, but it is not caught, as demonstrated by `NumberFormatException`. When it is not caught, it may cause programs using the library to crash or expose sensitive information. How to fix Denial of Service (DoS)? Upgrade `net.minidev:json-smart` to version 1.3.2, 2.3.1, 2.4.1 or higher.	[0,1.3.2) [2.0.0,2.3.1) [2.4.0,2.4.1)