CVE-2022-21653

Hash collision in typelevel jawn in maven/org.typelevel/jawn-parser

Identifiers

GHSA-vc89-hccf-rq55, CVE-2022-21653

Package Slug

maven/org.typelevel/jawn-parser

Vulnerability

Hash collision in typelevel jawn

Description

Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade traits who don't override objectContext() are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. jawn-parser-1.3.1 fixes this issue, and users are advised to upgrade. For users unable to upgrade, override objectContext() to use a collision-safe collection.

Affected Versions

All versions before 1.3.2

Solution

Upgrade to version 1.3.2 or above.

Last Modified

2022-01-11