CVE-2018-18854
Description
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.838
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-18853,CVE-2018-18854 are fixed in spray-json_2.10 1.3.5 | Windows |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854 are fixed in spray-json_2.11 1.3.5 | Windows |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854 are fixed in spray-json_2.12 1.3.5 | Windows |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854,CVE-2018-18855 are fixed in spray-json_2.10 1.3.5 | Windows |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854,CVE-2018-18855 are fixed in spray-json_2.11 1.3.5 | Windows |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854,CVE-2018-18855 are fixed in spray-json_2.12 1.3.5 | Windows |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854 are fixed in spray-json_2.10 for Linux 1.3.5 | Linux |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854 are fixed in spray-json_2.11 for Linux 1.3.5 | Linux |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854 are fixed in spray-json_2.12 for Linux 1.3.5 | Linux |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854,CVE-2018-18855 are fixed in spray-json_2.10 for Linux 1.3.5 | Linux |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854,CVE-2018-18855 are fixed in spray-json_2.11 for Linux 1.3.5 | Linux |
| Vulnerabilities CVE-2018-18853,CVE-2018-18854,CVE-2018-18855 are fixed in spray-json_2.12 for Linux 1.3.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234