org.codehaus.jettison:jettison 1.4.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.codehaus.jettison:jettison package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) due to infinite recursion, when constructing a `JSONArray` from a Collection that contains a self-reference in one of its elements. Exploiting this vulnerability results in a `StackOverflowError` exception being thrown. How to fix Denial of Service (DoS)? Upgrade `org.codehaus.jettison:jettison` to version 1.5.4 or higher.	[,1.5.4)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) due to a stack overflow in the `map` parameter. An attacker can trigger a crash by passing in a map object that recursively takes itself as a value. How to fix Denial of Service (DoS)? Upgrade `org.codehaus.jettison:jettison` to version 1.5.2 or higher.	[1.3.1,1.5.2)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) via crafted JSON data. How to fix Denial of Service (DoS)? Upgrade `org.codehaus.jettison:jettison` to version 1.5.2 or higher.	[,1.5.2)
M Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when the parser is running on user supplied input, allowing an attacker to supply content that causes the parser to crash by Out of memory. How to fix Denial of Service (DoS)? Upgrade `org.codehaus.jettison:jettison` to version 1.5.1 or higher.	[,1.5.1)
M Stack-based Buffer Overflow Affected versions of this package are vulnerable to Stack-based Buffer Overflow when the parser is running on user supplied input, by allowing an attacker to supply content that causes the parser to crash. How to fix Stack-based Buffer Overflow? Upgrade `org.codehaus.jettison:jettison` to version 1.5.1 or higher.	[,1.5.1)

Vulnerability

Vulnerable Version

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to infinite recursion, when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. Exploiting this vulnerability results in a StackOverflowError exception being thrown.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.4 or higher.

[,1.5.4)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a stack overflow in the map parameter. An attacker can trigger a crash by passing in a map object that recursively takes itself as a value.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.2 or higher.

[1.3.1,1.5.2)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via crafted JSON data.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.2 or higher.

[,1.5.2)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when the parser is running on user supplied input, allowing an attacker to supply content that causes the parser to crash by Out of memory.

How to fix Denial of Service (DoS)?

Upgrade org.codehaus.jettison:jettison to version 1.5.1 or higher.

[,1.5.1)

Stack-based Buffer Overflow

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when the parser is running on user supplied input, by allowing an attacker to supply content that causes the parser to crash.

How to fix Stack-based Buffer Overflow?

Upgrade org.codehaus.jettison:jettison to version 1.5.1 or higher.

[,1.5.1)

org.codehaus.jettison:jettison@1.4.1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?