CVE-2022-21653

Description

Jawn is an open source JSON parser. Extenders of the org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade traits who don't override objectContext() are vulnerable to a hash collision attack, which may result in a denial of service. Most applications do not implement these traits directly but inherit them from a library. jawn-parser-1.3.1 fixes this issue and users are advised to upgrade. For users unable to upgrade, override objectContext() to use a collision-safe collection.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.141

Associated Vulnerability

Vulnerability   | Package (Typelevel)       | Version | Status   | OS Platform
CVE-2022-21653  | jawn-parser              | 1.3.2   | fixed    | Windows
CVE-2022-21653  | jawn-parser_0.25         | 1.3.1   | affected | Windows
CVE-2022-21653  | jawn-parser_2.12         | 1.3.2   | fixed    | Windows
CVE-2022-21653  | jawn-parser_2.13         | 1.3.2   | fixed    | Windows
CVE-2022-21653  | jawn-parser_2.13.0-RC1   | 1.3.1   | affected | Windows
CVE-2022-21653  | jawn-parser_2.13.0-RC2   | 1.3.1   | affected | Windows
CVE-2022-21653  | jawn-parser_2.13.0-RC3   | 1.3.1   | affected | Windows
CVE-2022-21653  | jawn-parser_3            | 1.3.2   | fixed    | Windows
CVE-2022-21653  | jawn-parser_3.0.0-RC3    | 1.3.1   | affected | Windows
CVE-2022-21653  | jawn-parser              | 1.3.2   | fixed    | Linux
CVE-2022-21653  | jawn-parser_0.25         | 1.3.1   | affected | Linux
CVE-2022-21653  | jawn-parser_2.12         | 1.3.2   | fixed    | Linux
CVE-2022-21653  | jawn-parser_2.13         | 1.3.2   | fixed    | Linux
CVE-2022-21653  | jawn-parser_2.13.0-RC1   | 1.3.1   | affected | Linux
CVE-2022-21653  | jawn-parser_2.13.0-RC2   | 1.3.1   | affected | Linux
CVE-2022-21653  | jawn-parser_2.13.0-RC3   | 1.3.1   | affected | Linux
CVE-2022-21653  | jawn-parser_3            | 1.3.2   | fixed    | Linux
CVE-2022-21653  | jawn-parser_3.0.0-RC3    | 1.3.1   | affected | Linux

Patch Details

No records found
