Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Checkmarx][OSA] Cx08fcacc9-cb99 - Score 7.5 - org.json:json:20170516 #188

Closed
miguelfreitas93 opened this issue Jun 16, 2020 · 13 comments
Closed

[Checkmarx][OSA] Cx08fcacc9-cb99 - Score 7.5 - org.json:json:20170516 #188

miguelfreitas93 opened this issue Jun 16, 2020 · 13 comments
Assignees
@miguelfreitas93
Labels
bug Something isn't working checkmarx High osa test Label for testing purposes To Verify

Comments

@miguelfreitas93
Copy link
Contributor

** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

** CVE Details **
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722
@miguelfreitas93 miguelfreitas93 added bug Something isn't working checkmarx High osa test Label for testing purposes To Verify labels Jun 16, 2020
@miguelfreitas93 miguelfreitas93 self-assigned this Jun 16, 2020
@miguelfreitas93
Copy link
Contributor Author

** Library Details **
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

** CVE Details **
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

** Recommendations **
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

9 similar comments
@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Library Details
Library ID: 2DA28C5536606251BE5586AE4F0607C9272719B8
Library Name: org.json:json
Library Version: 20170516
Library Source File Name:
Library Confidence Level: 100

Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0

CVE Details
CVE Name: Cx08fcacc9-cb99
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2017-10-30T11:27:00
CVE URL: stleary/JSON-java#372
CVE Description: The package JSON-java before 20180130 is vulnerable to Denial of service. The method JSONArray() in class JSONArray() of file JSONArray.java, doesn't check for unclosed array while parsing, causing the application to crash, due to an StackOverflowException. This affects the Availability of the application.

Recommendations
Library Newest Version: 20190722
Library Newest Version Release Date: 2019-08-07T00:56:35
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 20190722

@miguelfreitas93
Copy link
Contributor Author

Vulnerability does not exist anymore

1 similar comment
@miguelfreitas93
Copy link
Contributor Author

Vulnerability does not exist anymore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@miguelfreitas93 miguelfreitas93

Labels
bug Something isn't working checkmarx High osa test Label for testing purposes To Verify
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@miguelfreitas93