CVE-2021-23900
Summary
| CVE | CVE-2021-23900 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-13 16:15:00 UTC |
| Updated | 2021-01-19 19:00:00 UTC |
| Description | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Owasp | Json-sanitizer | All | All | All | All |
| Application | Owasp | Json-sanitizer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Tests for fixes for previously undisclosed vulnerabilities · OWASP/json-sanitizer@a37f594 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Comparing v1.2.1...v1.2.2 · OWASP/json-sanitizer · GitHub | MISC | github.com | Patch, Third Party Advisory |
| com.mikesamuel:json-sanitizer versions < 1.2.2 vulnerable. | MISC | groups.google.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 982591 Java (maven) Security Update for com.mikesamuel:json-sanitizer (GHSA-8rf5-92jh-3vc9)