CVE-2023-1436

MEDIUM

Jettison - Memory Corruption

Title source: llm

Description

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

References (1)

[Exploit, Third Party Advisory] https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/

Scores

CVSS v3 5.9

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-674

Status published

Products (2)

jettison_project/jettison < 1.5.4

org.codehaus.jettison/jettison 0 - 1.5.4Maven

Published Mar 22, 2023

Tracked Since Feb 18, 2026