Bingdian-So

**Name of the Vulnerable Software and Affected Versions** Jettison versions prior to 1.5.2 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 **Description** A stack overflow in Jettison allows attackers to cause a Denial of Service (DoS) via crafted JSON data. This issue has a high impact on availability, with no impact on confidentiality and integrity, and requires no user interaction. **Recommendations** For Jettison, upgrade to version 1.5.2 or later. For Bitbucket Data Center and Server 7.21, upgrade to a release greater than or equal to 7.21.15. For Bitbucket Data Center and Server 8.9, upgrade to a release greater than or equal to 8.9.4. For Bitbucket Data Center and Server 8.10, upgrade to a release greater than or equal to 8.10.4. For Bitbucket Data Center and Server 8.11, upgrade to a release greater than or equal to 8.11.3. For Bitbucket Data Center and Server 8.12, upgrade to a release greater than or equal to 8.12.1.

**Name of the Vulnerable Software and Affected Versions** Jettison versions prior to 1.5.2 **Description** The issue allows attackers to cause a Denial of Service (DoS) via a crafted string, exploiting a stack overflow vulnerability through the `map` parameter. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `map` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** hutool-json version 5.8.10 org.json:json versions prior to 20230227 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 **Description** A stack overflow in the `XML.toJSONObject` component allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. This issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to cause a denial of service. The vulnerability has a high impact on availability, with no impact on confidentiality or integrity, and requires no user interaction. **Recommendations** For hutool-json version 5.8.10, consider disabling the `XML.toJSONObject` component until a patch is available. For org.json:json, upgrade to version 20230227 or later. For Bitbucket Data Center and Server: - Version 7.21: Upgrade to a release greater than or equal to 7.21.16 - Version 8.9: Upgrade to a release greater than or equal to 8.9.4 - Version 8.10: Upgrade to a release greater than or equal to 8.10.4 - Version 8.11: Upgrade to a release greater than or equal to 8.11.3 - Version 8.12: Upgrade to a release greater than or equal to 8.12.1

**Name of the Vulnerable Software and Affected Versions** MCMS version 5.2.27 **Description** A SQL injection issue was found in the `orderBy` parameter at the "/dict/list.do" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For MCMS version 5.2.27, avoid using the `orderBy` parameter in the "/dict/list.do" API endpoint until a fix is available. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.