Posted March 6

Red Hat OpenShift: CVE-2023-1370: json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

| Severity | CVSS | Published | Created | Added | Modified |
|---|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 03/22/2023 | 06/08/2023 | 06/08/2023 | 01/28/2025 |

Description

[Json-smart](https://netplex.github.io/json-smart/) is a performance-focused JSON processor library. When it reaches a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code places no limit on how deeply such arrays or objects can be nested. Because nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.

Solution(s)

- linuxrpm-upgrade-jenkins-2-plugins

References

- https://attackerkb.com/topics/cve-2023-1370
- CVE - 2023-1370
- RHSA-2023:2099
- RHSA-2023:2100
- RHSA-2023:3179
- RHSA-2023:3193
- RHSA-2023:3223
- RHSA-2023:3362
- RHSA-2023:3610
- RHSA-2023:3622
- RHSA-2023:3641
- RHSA-2023:3663
- RHSA-2023:3906
- RHSA-2023:3954
- RHSA-2023:7697
- RHSA-2024:3527
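As a defence-in-depth check for the unbounded recursion described above, the following added example (not code from json-smart or from this advisory) scans untrusted JSON text iteratively and rejects it when array/object nesting exceeds a limit, before the text reaches a recursive parser. The class name `JsonDepthGuard`, the method `withinDepth` and the limit value are hypothetical. It assumes strict JSON with double-quoted strings only; a parser running in a lenient mode that accepts other quoting would need the scanner's string handling to match.

```java
// Added example: pre-parse nesting check using only the Java standard library.
public class JsonDepthGuard {

    /**
     * Returns true if '[' / '{' nesting in the text never exceeds maxDepth.
     * The scan is a single loop, so its own stack use does not grow with
     * the nesting of the input. Brackets inside string literals are ignored,
     * including brackets that follow an escaped quote.
     */
    static boolean withinDepth(CharSequence json, int maxDepth) {
        int depth = 0;
        boolean inString = false;
        boolean escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (escaped) escaped = false;          // character after '\' is literal
                else if (c == '\\') escaped = true;
                else if (c == '"') inString = false;
                continue;
            }
            switch (c) {
                case '"': inString = true; break;
                case '[': case '{':
                    if (++depth > maxDepth) return false; // reject before any recursive parse
                    break;
                case ']': case '}':
                    if (depth > 0) depth--;  // stray closers are left for the real parser to reject
                    break;
                default: break;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        int limit = 3; // hypothetical policy value for this demo
        String[] samples = { // constructed inputs
            "{\"a\":[1,{\"b\":2}]}",           // depth 3: accept
            "{\"a\":\"[[[[[[ not nesting\"}",  // brackets inside a string, depth 1: accept
            "[[[[1]]]]",                       // depth 4: reject
            "{\"k\":\"q\\\"[[[[\",\"v\":[]}"   // escaped quote inside a string, depth 2: accept
        };
        for (String s : samples) {
            System.out.println((withinDepth(s, limit) ? "accept " : "reject ") + s);
        }
    }
}
```

A guard like this complements the upgrade listed under Solution(s) and does not replace it.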