CVE-2021-23441: Deserialization of Untrusted Data

September 19, 2021 (updated September 30, 2021)

All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.

References

nvd.nist.gov/vuln/detail/CVE-2021-23441

Detect and mitigate CVE-2021-23441 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →