CVE-2023-1436

Jettison vulnerable to infinite recursion in maven/org.codehaus.jettison/jettison

Identifiers

GHSA-q6g2-g7f3-rr83, CVE-2023-1436

Package Slug

maven/org.codehaus.jettison/jettison

Vulnerability

Jettison vulnerable to infinite recursion

Description

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError being thrown.

Affected Versions

All versions before 1.5.4

Solution

Upgrade to version 1.5.4 or above.
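Where the upgrade cannot be rolled out immediately, a pre-check can reject self-referential input before it reaches the JSONArray constructor. The following is an added example, not code from the advisory or from Jettison; the names `CycleGuard`, `isSafeToSerialize` and `MAX_DEPTH` are hypothetical, and walking nested Maps as well as Collections is an assumption.

```java
import java.util.*;

public class CycleGuard {
    // Assumed limit; tune to the deepest legitimate payload the application accepts.
    static final int MAX_DEPTH = 64;

    /** True when the container graph under value has no self-reference and stays within MAX_DEPTH. */
    static boolean isSafeToSerialize(Object value) {
        // Identity-based set: equals()/hashCode() on a self-referential list would recurse themselves.
        Set<Object> path = Collections.newSetFromMap(new IdentityHashMap<>());
        return walk(value, path, 0);
    }

    private static boolean walk(Object value, Set<Object> path, int depth) {
        Iterable<?> children;
        if (value instanceof Collection) {
            children = (Collection<?>) value;
        } else if (value instanceof Map) {
            children = ((Map<?, ?>) value).values();
        } else {
            return true; // leaf value, nothing to descend into
        }
        if (depth >= MAX_DEPTH) return false; // also bounds this guard's own recursion
        if (!path.add(value)) return false;   // container is already an ancestor: cycle
        for (Object child : children) {
            if (!walk(child, path, depth + 1)) return false;
        }
        path.remove(value); // leaving the branch, so shared non-cyclic references stay legal
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<Object> nested = new ArrayList<>();
        nested.add("a");
        nested.add(new ArrayList<>(Arrays.asList(1, 2)));

        List<Object> selfRef = new ArrayList<>();
        selfRef.add("a");
        selfRef.add(selfRef); // element refers to the list that holds it

        System.out.println("nested accepted:  " + isSafeToSerialize(nested));
        System.out.println("selfRef accepted: " + isSafeToSerialize(selfRef));
        // Only input that passes the check would be handed to the JSON library.
    }
}
```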

Last Modified

2023-03-23
