net.minidev:json-smart@2.3.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the net.minidev:json-smart package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

net.minidev:json-smart is a Java JSON parser.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.

NOTE: Although this vulnerability was fixed in version 2.4.9 the maintainer recommends upgrading to 2.4.10, due to a remaining bug.

How to fix Denial of Service (DoS)?

Upgrade net.minidev:json-smart to version 2.4.9 or higher.

[,2.4.9)
  • M
Denial of Service (DoS)

net.minidev:json-smart is a Java JSON parser.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the indexOf function of JSONParserByteArray which causes a denial of service (DOS) via a crafted web request.

How to fix Denial of Service (DoS)?

Upgrade net.minidev:json-smart to version 1.3.3, 2.4.5 or higher.

[0,1.3.3) [2.0.0,2.4.5)