org.json:json@20131018 vulnerabilities

  • latest version: 20240303
  • latest non vulnerable version
  • first published: 17 years ago
  • latest version published: 2 months ago
  • licenses detected
    • [20070829,20220924)
  • package manager

Direct Vulnerabilities

Known vulnerabilities in the org.json:json package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can cause an unbounded amount of memory to be used by supplying an input string of modest size. This can lead to a Denial of Service.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.json:json to version 20231013 or higher.

Vulnerable versions: [0,20231013)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the XML.toJSONObject component via crafted JSON or XML data.

How to fix Denial of Service (DoS)?

Upgrade org.json:json to version 20230227 or higher.

Vulnerable versions: [,20230227)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when initializing a JSONArray object with the input "[". This causes the JVM to crash with a StackOverflowError due to a non-cyclical stack overflow.

PoC

new JSONArray("["); // throws StackOverflowError on affected versions

How to fix Denial of Service (DoS)?

Upgrade org.json:json to version 20180130 or higher.

Vulnerable versions: [,20180130)