CVE-2022-21653

CVE-2022-21653 · PUBLISHED · CVSS 5.9 MEDIUM

Jawn is an open source JSON parser. Extenders of `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack, which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. Users who are unable to upgrade should override `objectContext()` to use a collision-safe collection.

EPSS 0.14% · 34.1th percentile

Risk Scores

CVSS 3.1: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.14% (34.1th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Maven | org.typelevel:jawn-parser_0.25 | 0 |
| Maven | org.typelevel:jawn-parser_0.27 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-RC1 | 0 |
| Maven | org.typelevel:jawn-parser_2.10 | 0 |
| Maven | org.typelevel:jawn-parser_2.13 | 0 |
| typelevel | jawn | 0, < 1.3.2 |
| Maven | org.typelevel:jawn-parser_2.13.0-M5 | 0 |
| Maven | org.typelevel:jawn-parser_2.11 | 0 |
| Maven | org.typelevel:jawn-parser_2.12 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-RC3 | 0 |
| Maven | org.typelevel:jawn-parser_3 | 0 |
| Maven | org.typelevel:jawn-parser_2.13.0-RC1 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-M2 | 0 |
| Maven | org.typelevel:jawn-parserg | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-M1 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-M3 | 0 |
| Maven | org.typelevel:jawn-parser_2.13.0-RC3 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-RC2 | 0 |
| Maven | org.typelevel:jawn-parser_2.13.0-RC2 | 0 |

Timeline

  • Jan 5, 2022 CVE Published
  • Feb 8, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 24, 2022 EPSS Score
  • Jul 16, 2022 EPSS Score
  • Sep 7, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 21, 2022 EPSS Score
  • Feb 11, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 5, 2023 EPSS Score
  • May 27, 2023 EPSS Score