CVE-2024-57699

HIGH

Net.minidev Json-smart < 2.5.2 - Denial of Service

Title source: rule

Description

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

References (2)

[Various Sources] https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699

View Exploit ZIP pw:eip

[Various Sources] https://nvd.nist.gov/vuln/detail/cve-2023-1370

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-674

Status published

Products (1)

net.minidev/json-smart 2.5.0 - 2.5.2Maven

Published Feb 05, 2025

Tracked Since Feb 18, 2026