CVE-2021-23900

HIGH

OWASP json-sanitizer < 1.2.2 - Denial of Service

Description

OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.

Scores

CVSS v3 7.5
EPSS 0.0041
EPSS Percentile 61.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (2)
com.mikesamuel/json-sanitizer 0 - 1.2.2 (Maven)
owasp/json-sanitizer < 1.2.2
Published Jan 13, 2021
Tracked Since Feb 18, 2026