Cxdb5a1032-eda2 @ Maven-org.json:json-20090211

**Vulnerable Package** issue exists @ **Maven\-org\.json:json\-20090211** in branch **master**

The package `JSON-java` before 20200518 is vulnerable to Denial Of Service. The function `nextMeta` in the file `XMLTokener.java` runs into an infinite loop as the JSONTokener.nextMeta() function
returns the same character repeatedly and never advances the Tokener index. Due to this flaw, the availability of the application is affected.

**Namespace:** TaynaCT
**Repository:** JavaVulnerableLab
**Repository Url:** https://github.com/TaynaCT/JavaVulnerableLab
**CxAST\-Project:** TaynaCT/JavaVulnerableLab
**CxAST platform scan:** [8306ce52\-f0ea\-4229\-8014\-fe5126ba5a64](https://eu.ast.checkmarx.net/projects/26ce21e6-14ed-4718-96d4-658078577e49/scans?id=8306ce52-f0ea-4229-8014-fe5126ba5a64&branch=master)
**Branch:** master
**Application:** JavaVulnerableLab
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-835


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** HIGH


----
**References**
[Issue](https://github.com/stleary/JSON-java/issues/484)
[Pull request](https://github.com/stleary/JSON-java/pull/485)
[Commit](https://github.com/stleary/JSON-java/commit/5b62cf13ff30c311df1d33f27447e1976d8296b7)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cxdb5a1032-eda2 @ Maven-org.json:json-20090211 #59

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Cxdb5a1032-eda2 @ Maven-org.json:json-20090211 #59

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions