GMS-2022-2616: Improper Handling of Exceptional Conditions in Newtonsoft.Json
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of a StackOverflowException (SOE) whenever nested expressions are processed. Exploiting this vulnerability results in Denial of Service (DoS); it is exploitable when an attacker sends 5 requests that cause an SOE within a time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) applications.
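As an added example (not code from this advisory or from the Newtonsoft.Json project), the following wrapper parses untrusted JSON with an explicit MaxDepth so that an over-nested document surfaces as a catchable JsonReaderException instead of a StackOverflowException that terminates the worker process; the limit value of 64 and the BoundedJson/TryParse names are this example's own choices, and setting the limit explicitly keeps the guard independent of whichever default the installed library version ships.

```csharp
using System;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class BoundedJson
{
    // Depth limit chosen for this example (an assumption, not an advisory
    // value); set explicitly so the guard does not rely on the library default.
    private const int DepthLimit = 64;

    // Parses untrusted JSON under a hard nesting limit. Depth overruns and
    // malformed input are reported through JsonReaderException, which can be
    // caught, unlike a StackOverflowException that would kill the process.
    public static bool TryParse(string json, out JToken result, out string error)
    {
        result = null;
        error = null;
        var settings = new JsonSerializerSettings { MaxDepth = DepthLimit };
        try
        {
            result = JsonConvert.DeserializeObject<JToken>(json, settings);
            return true;
        }
        catch (JsonReaderException ex)
        {
            // Reached when nesting exceeds DepthLimit or the document is invalid.
            error = ex.Message;
            return false;
        }
    }

    public static void Main()
    {
        // Constructed sample input: one well-formed document and one nested far
        // beyond the limit, of the kind the advisory describes.
        string ok = "{\"a\":[1,2,{\"b\":3}]}";
        string tooDeep = new string('[', 10_000) + new string(']', 10_000);

        Console.WriteLine(TryParse(ok, out _, out _));
        Console.WriteLine(TryParse(tooDeep, out _, out string reason));
        Console.WriteLine(reason);
    }
}
```

Apply the same MaxDepth setting to any JsonTextReader or JsonSerializer instance the application constructs directly, since only readers that carry the limit enforce it.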
References
- alephsecurity.com/2018/10/22/StackOverflowException/
- alephsecurity.com/vulns/aleph-2018004
- github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66
- github.com/JamesNK/Newtonsoft.Json/issues/2457
- github.com/JamesNK/Newtonsoft.Json/pull/2462
- github.com/advisories/GHSA-5crp-9r3c-p9vr
- security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678