CVE-2021-23900

EPSS 0.41%
Veröffentlicht 13.01.2021 16:15:14
Zuletzt bearbeitet 21.11.2024 05:52:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Owasp ≫ Json-sanitizer Version < 1.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.582

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

Patch

Third Party Advisory

https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

Patch

Third Party Advisory

https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-23900

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23900

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23900

EUVD