CVE-2023-1370 CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') #137

Grimoren · 2023-03-21T18:51:54Z

This one was published 14 March 2023

Published Vulnerabilities
CVE-2023-1370 (OSSINDEX) suppress

json-smart - Denial of Service (DoS)
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:
Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:/C:N/I:N/A:H

cpe:2.3:a:net.minidev:json-smart:2.4.8:*:*:*:*:*:*:*

Not sure if it's been fixed in the latest(2.4.10), but I see no reference the CVE on the repo

The text was updated successfully, but these errors were encountered:

Grimoren · 2023-03-21T19:28:46Z

Apparently this was already complete for 2.4.9

UrielCh · 2023-03-22T07:11:57Z

yep... but 2.4.9 introduce a new bug, so skip v2.4.9 and use directly the v2.4.10

apryamostanov · 2023-06-12T05:26:50Z

I seen this warning in IntelliJ Idea and came here.

I do not understand how "crash" software is a vulnerability.

UrielCh · 2023-06-12T11:25:02Z

It's more of a potential DDOS helper.

Grimoren closed this as completed Mar 21, 2023

AASMACMX mentioned this issue Jul 20, 2023

CVE-2023-1370 @ Maven-net.minidev:json-smart-2.3 CxDemoInABoxRepos/Java-Webgoat#854

Open

github-actions bot mentioned this issue Apr 4, 2024

CVE-2023-1370 ministryofjustice/hmpps-probation-integration-services#3583

Closed

github-actions bot mentioned this issue Apr 26, 2024

CVE-2023-1370 ministryofjustice/hmpps-probation-integration-services#3681

Closed

github-actions bot mentioned this issue Jun 7, 2024

CVE-2023-1370 ministryofjustice/hmpps-probation-integration-services#3878

Closed

github-actions bot mentioned this issue Jun 19, 2024

CVE-2023-1370 ministryofjustice/hmpps-probation-integration-services#3923

Closed

Provide feedback