CVE-2024-57699: Netplex Json-smart Uncontrolled Recursion vulnerability
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading specially crafted JSON input containing a large number of '{' characters, stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
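A pre-parse nesting-depth check is one way to keep this kind of input away from a recursive parser. The following is an added example, not code from json-smart or the advisory: the class name `JsonDepthGuard`, the `MAX_DEPTH` value of 200 and the sample inputs are assumptions, and it treats only double-quoted strings as string literals.

```java
import java.util.Collections;

public class JsonDepthGuard {
    /** Hypothetical limit chosen for this example; tune it to your real payloads. */
    static final int MAX_DEPTH = 200;

    /**
     * Returns the deepest '{' / '[' nesting found in the text, or -1 as soon as
     * the nesting exceeds limit. The scan is iterative, so its own stack use
     * does not grow with the input.
     * Assumption: strings are delimited by double quotes only. If the parser
     * is configured to accept other quoting, extend the scanner to match,
     * otherwise the two can disagree about what is inside a string.
     */
    static int maxDepth(CharSequence json, int limit) {
        int depth = 0, max = 0;
        boolean inString = false, escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                // Brackets inside string literals are data, not structure.
                if (escaped) escaped = false;
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
            } else if (c == '"') {
                inString = true;
            } else if (c == '{' || c == '[') {
                if (++depth > limit) return -1;   // stop early, reject input
                if (depth > max) max = depth;
            } else if ((c == '}' || c == ']') && depth > 0) {
                depth--;
            }
        }
        return max;
    }

    /** True when the text stays within MAX_DEPTH and may be handed to the parser. */
    static boolean isSafeToParse(CharSequence json) {
        return maxDepth(json, MAX_DEPTH) >= 0;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an ordinary document and a deeply nested one.
        String normal = "{\"user\":{\"tags\":[\"a{b\",\"c\\\"[d\"]}}";
        String nested = String.join("", Collections.nCopies(100_000, "{"));
        System.out.println("normal depth: " + maxDepth(normal, MAX_DEPTH));
        System.out.println("normal safe:  " + isSafeToParse(normal));
        System.out.println("nested safe:  " + isSafeToParse(nested));
    }
}
```

Call `isSafeToParse` on untrusted input before passing it to the JSON parser and reject the request when it returns false.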
References
- github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699
- github.com/advisories/GHSA-pq2g-wx69-c263
- github.com/netplex/json-smart-v2
- github.com/netplex/json-smart-v2/issues/232
- github.com/netplex/json-smart-v2/issues/233
- github.com/netplex/json-smart-v2/issues/236
- github.com/netplex/json-smart-v2/releases/tag/2.5.2
- nvd.nist.gov/vuln/detail/CVE-2024-57699
- nvd.nist.gov/vuln/detail/cve-2023-1370
Detect and mitigate CVE-2024-57699 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.