Cxdb5a1032-eda2 @ Maven-org.json:json-20090211

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/Cxdb5a1032-eda2) about Cxdb5a1032-eda2
**Checkmarx Project:** [YSLCx/Github\_demo](https://ast.checkmarx.net/projects/f3e24e6d-f6bb-42db-8b51-bcec96c9232c/overview?branch=main)
**Repository URL:** [https://github.com/YSLCx/Github\_demo](https://github.com/YSLCx/Github_demo)
**Branch:** main
**Scan ID:** [f799fc13\-25e4\-479c\-a802\-e1aeacbb3e2d](https://ast.checkmarx.net/projects/f3e24e6d-f6bb-42db-8b51-bcec96c9232c/scans?id=f799fc13-25e4-479c-a802-e1aeacbb3e2d&branch=main)


----
The package `JSON-java` before 20200518 is vulnerable to Denial Of Service. The function `nextMeta` in the file `XMLTokener.java` runs into an infinite loop as the `JSONTokener.nextMeta()` function returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 20231013


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cxdb5a1032-eda2 @ Maven-org.json:json-20090211 #22

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cxdb5a1032-eda2 @ Maven-org.json:json-20090211 #22

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions