GHSA-vc89-hccf-rq55, CVE-2022-21653
maven/org.typelevel/jawn-parser
Hash collision in typelevel jawn
Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade
and org.typelevel.jawn.MutableFacade
who don't override objectContext()
are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. jawn-parser-1.3.1
fixes this issue and users are advised to upgrade. For users unable to upgrade override objectContext()
to use a collision-safe collection.
All versions before 1.3.2
Upgrade to version 1.3.2 or above.
2022-01-11
source |