Published: 07/07/2023 Updated: 14/07/2023

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: up to and including 1.2.20.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache johnzon

Synopsis Moderate: Red Hat Integration Camel for Spring Boot 400 release and security update Type/Severity Security Advisory: Moderate Topic Red Hat Integration Camel for Spring Boot 400 release and security update is now available Red Hat Product Security has rated this update as having an impact of Moderate A Common Vulnerability Scor ...

Synopsis Moderate: Red Hat AMQ Broker 7112 release and security update Type/Severity Security Advisory: Moderate Topic Red Hat AMQ Broker 7112 is now available from the Red Hat Customer PortalRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

CWE-502 https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l https://access.redhat.com/errata/RHSA-2023:5441 https://nvd.nist.gov

CVE-2023-33008

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect