Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stack Buffer Overflow in Jettison
Vulnerability Description
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Jettison 资源管理错误漏洞
Vulnerability Description
Jettison是jettison-json开源的Jettison 是一个 Java 库。,用于在 StAX 的帮助下将 XML 转换为 JSON。 Jettison 存在安全漏洞,该漏洞源于解析不受信任的XML或JSON数据时可能容易受到拒绝服务攻击(DOS)的攻击。如果解析器在用户提供的输入上运行,攻击者可能会提供导致解析器因内存不足而崩溃的内容,这种效应可能支持拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A