{"api_version":"1","generated_at":"2026-04-22T22:50:43+00:00","cve":"CVE-2021-23900","urls":{"html":"https://cve.report/CVE-2021-23900","api":"https://cve.report/api/cve/CVE-2021-23900.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23900","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23900"},"summary":{"title":"CVE-2021-23900","description":"OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-01-13 16:15:00","updated_at":"2021-01-19 19:00:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e","name":"https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Tests for fixes for previously undisclosed vulnerabilities · OWASP/json-sanitizer@a37f594 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2","name":"https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Comparing v1.2.1...v1.2.2 · OWASP/json-sanitizer · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0","name":"https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0","refsource":"MISC","tags":["Third Party Advisory"],"title":"com.mikesamuel:json-sanitizer versions < 1.2.2 vulnerable.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23900","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23900","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"23900","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"owasp","cpe5":"json-sanitizer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"23900","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"owasp","cpe5":"json-sanitizer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-23900","qid":"982591","title":"Java (maven) Security Update for com.mikesamuel:json-sanitizer (GHSA-8rf5-92jh-3vc9)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-23900","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2","refsource":"MISC","name":"https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2"},{"refsource":"MISC","name":"https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0","url":"https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0"},{"refsource":"MISC","name":"https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e","url":"https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e"}]}},"nvd":{"publishedDate":"2021-01-13 16:15:00","lastModifiedDate":"2021-01-19 19:00:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:owasp:json-sanitizer:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23900","Ordinal":"198641","Title":"CVE-2021-23900","CVE":"CVE-2021-23900","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23900","Ordinal":"1","NoteData":"OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"23900","Ordinal":"2","NoteData":"2021-01-13","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"23900","Ordinal":"3","NoteData":"2021-01-13","Type":"Other","Title":"Modified"}]}}}