VDB
CVE-2022-21653
CVE-2022-21653
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.
EPSS 0.14% · 34.1th percentile
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.14%
34.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.typelevel:jawn-parser_0.25 | 0 |
| Maven | org.typelevel:jawn-parser_0.27 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-RC1 | 0 |
| Maven | org.typelevel:jawn-parser_2.10 | 0 |
| Maven | org.typelevel:jawn-parser_2.13 | 0 |
| typelevel | jawn | 0, < 1.3.2 |
| Maven | org.typelevel:jawn-parser_2.13.0-M5 | 0 |
| Maven | org.typelevel:jawn-parser_2.11 | 0 |
| Maven | org.typelevel:jawn-parser_2.12 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-RC3 | 0 |
| Maven | org.typelevel:jawn-parser_3 | 0 |
| Maven | org.typelevel:jawn-parser_2.13.0-RC1 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-M2 | 0 |
| Maven | org.typelevel:jawn-parserg | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-M1 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-M3 | 0 |
| Maven | org.typelevel:jawn-parser_2.13.0-RC3 | 0 |
| Maven | org.typelevel:jawn-parser_3.0.0-RC2 | 0 |
| Maven | org.typelevel:jawn-parser_2.13.0-RC2 | 0 |
Exploit Intelligence
Timeline
- Jan 5, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 27, 2023 EPSS Score