org.codehaus.jettison:jettison@1.4.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.codehaus.jettison:jettison package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to infinite recursion, when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. Exploiting this vulnerability results in a StackOverflowError exception being thrown.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.4 or higher.

[,1.5.4)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a stack overflow in the map parameter. An attacker can trigger a crash by passing in a map object that recursively takes itself as a value.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.2 or higher.

[1.3.1,1.5.2)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via crafted JSON data.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.2 or higher.

[,1.5.2)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when the parser is running on user supplied input, allowing an attacker to supply content that causes the parser to crash by Out of memory.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.1 or higher.

[,1.5.1)
  • M
Stack-based Buffer Overflow

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when the parser is running on user supplied input, by allowing an attacker to supply content that causes the parser to crash.

How to fix Stack-based Buffer Overflow?

Upgrade org.codehaus.jettison:jettison to version 1.5.1 or higher.

[,1.5.1)