Vulnerability Description
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owasp | Json-Sanitizer | < 1.2.2 |
References
- https://github.com/OWASP/json-sanitizer/commit/a37f594f7378a1c76b3283e0dab9e1ab1 (Patch, Third Party Advisory)
- https://github.com/OWASP/json-sanitizer/compare/v1.2.1...v1.2.2 (Patch, Third Party Advisory)
- https://groups.google.com/g/json-sanitizer-support/c/dAW1AeNMoA0 (Third Party Advisory)
FAQ
What is CVE-2021-23900?
CVE-2021-23900 is a vulnerability with a CVSS score of 7.5 (HIGH). OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
How severe is CVE-2021-23900?
CVE-2021-23900 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-23900?
Check the references section above for vendor advisories and patch information. Affected products include: Owasp Json-Sanitizer.