org.json:json
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.json:json
- CVE-2022-45688 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 20230227 | 2022-12-13
vulnerable: 20070829 ... 20220924 (22 versions)
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
- CVE-2023-5072 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 20231013 | 2023-10-12
vulnerable: 20070829 ... 20230618 (24 versions)
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.