CVE-2023-34610
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in json-io through 4.14.0 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.
EPSS 0.14% · 34.0th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.14%
34.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| json-io_project | json-io | 0 |
| n/a | n/a | n/a |
| Maven | com.cedarsoftware:json-io | 0 |
Timeline
- Jun 14, 2023 CVE Published
- Jun 15, 2023 EPSS Score
- Jul 20, 2023 EPSS Score
- Aug 25, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Dec 9, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 18, 2024 EPSS Score
- Mar 25, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- Jun 3, 2024 EPSS Score
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405 (advisory)
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404 (advisory)
- https://github.com/jdereg/json-io/issues/169 (url)
- https://nvd.nist.gov/vuln/detail/CVE-2023-34610 (advisory)
- https://github.com/jdereg/json-io/issues/174 (url)
- https://github.com/jdereg/json-io (package)