CVE-2021-27568
MEDIUMnetplex json-smart-v1/v2 - Info Disclosure
Title source: llmDescription
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
Exploits (1)
nomisec
WORKING POC
by arsalanraja987 · poc
https://github.com/arsalanraja987/java-insecure-random-cve-2021-27568
References (8)
Scores
CVSS v3
5.9
EPSS
0.0065
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-754
Status
published
Products (14)
json-smart_project/json-smart-v1
< 1.3.2
json-smart_project/json-smart-v2
< 2.3.1
net.minidev/json-smart
0 - 1.3.2Maven
net.minidev/json-smart-mini
0 - 1.3.2Maven
oracle/communications_cloud_native_core_policy
1.14.0
oracle/oss_support_tools
< 2.12.42
oracle/peoplesoft_enterprise_peopletools
8.58
oracle/peoplesoft_enterprise_peopletools
8.59
oracle/utilities_framework
4.4.0.0.0
oracle/utilities_framework
4.4.0.2.0
... and 4 more
Published
Feb 23, 2021
Tracked Since
Feb 18, 2026