You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar
mend-bolt-for-githubbot
changed the title
CVE-2022-45685 (Medium) detected in jettison-1.2.jar
CVE-2022-45685 (High) detected in jettison-1.2.jar
Dec 21, 2022
CVE-2022-45685 - High Severity Vulnerability
Vulnerable Library - jettison-1.2.jar
A StAX implementation for JSON.
Path to dependency file: /spring-boot-project/spring-boot-docs/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.2/765a6181653f4b05c18c7a9e8f5c1f8269bf9b2/jettison-1.2.jar
Dependency Hierarchy:
Found in HEAD commit: 12b99a3ee31b333f29415387505dfb45f75ced5f
Found in base branch: main
Vulnerability Details
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
Publish Date: 2022-12-13
URL: CVE-2022-45685
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-12-13
Fix Resolution: org.codehaus.jettison:jettison:1.5.2
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: