Home > Vulnerability Database > CVE-2021-23900

Mend.io Vulnerability Database

CVE-2021-23900

Good to know:

Date: January 13, 2021

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Language: Java

Severity Score

7.5

Related Resources (5)

Url: https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1dc0247e

Url: https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2

Url: https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-23900

Url: https://www.mend.io/vulnerability-database/CVE-2021-23900

Severity Score

7.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Uncaught Exception

CWE-248

Top Fix

Upgrade Version

Upgrade to version com.mikesamuel:json-sanitizer versions:1.2.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-23900

Good to know:

Date: January 13, 2021

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?