CVE-2021-31684

HIGH

json-smart-v1 1.3-1.3.2 and 2.4-2.4.3 - Denial of Service via JSONParserByteArray indexOf Function

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-31684. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains the vulnerable source code of json-smart-v2, specifically highlighting the ASMUtil.java file and related components. It provides a technical overview of the library's structure and mentions CVE-2021-27568 in the changelog, but does not include an exploit PoC or detailed analysis of CVE-2021-31684.

Description

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

Exploits (2)

nomisec WRITEUP

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2021-31684-json-smart-v2-vulnerable

View Code ZIP pw:eip

This repository contains the vulnerable source code of json-smart-v2, specifically highlighting the ASMUtil.java file and related components. It provides a technical overview of the library's structure and mentions CVE-2021-27568 in the changelog, but does not include an exploit PoC or detailed analysis of CVE-2021-31684.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: json-smart-v2

No auth needed

Prerequisites: None

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 14, 2026 Full analysis →

nomisec WRITEUP

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2021-31684-json-smart-v2-vulnerable