CVE-2023-5072: Denial of Service in JSON-Java

October 12, 2023 (updated October 13, 2023)

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

References

github.com/advisories/GHSA-rm7j-f5g5-27vv
github.com/stleary/JSON-java/commit/60662e2f8384d3449822a3a1179bfe8de67b55bb
github.com/stleary/JSON-java/issues/758
github.com/stleary/JSON-java/issues/771
nvd.nist.gov/vuln/detail/CVE-2023-5072

Detect and mitigate CVE-2023-5072 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →