Typelevel · Jawn-Parser · CVE-2022-21653
**Name of the Vulnerable Software and Affected Versions**
jawn-parser versions prior to 1.3.1
org.typelevel :: jawn-ast versions prior to 0.8.0
**Description**
Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library.
**Recommendations**
For versions prior to 1.3.1, upgrade to `jawn-parser-1.3.1` or later.
For users unable to upgrade, override `objectContext()` to use a collision-safe collection.
As a temporary workaround, consider overriding `objectContext()` in `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` to minimize the risk of exploitation.
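One way to apply that override, as an added example rather than jawn's own code: a `SimpleFacade` whose `objectContext()` collects members in a `scala.collection.immutable.TreeMap`, whose insertion cost is bounded by key comparisons and so does not degrade when many keys share a `String.hashCode`. It assumes the jawn 1.x `FContext` signatures (`add(CharSequence, Int)`, `add(J, Int)`, `finish(Int)`, `isObj`) and `Parser.parseFromString`, and uses a constructed minimal JSON model (`Node` and its cases) in place of jawn-ast.

```scala
import org.typelevel.jawn.{FContext, Parser, SimpleFacade}
import scala.collection.immutable.TreeMap
import scala.util.Try

// Constructed minimal JSON model for this example (hypothetical, not jawn-ast).
sealed trait Node
final case class NStr(s: String) extends Node
final case class NNum(s: String) extends Node
final case class NBool(b: Boolean) extends Node
case object NNull extends Node
final case class NArr(vs: List[Node]) extends Node
final case class NObj(vs: Map[String, Node]) extends Node

object CollisionSafeFacade extends SimpleFacade[Node] {
  def jnull: Node = NNull
  def jfalse: Node = NBool(false)
  def jtrue: Node = NBool(true)
  def jnum(s: CharSequence, decIndex: Int, expIndex: Int): Node = NNum(s.toString)
  def jstring(s: CharSequence): Node = NStr(s.toString)
  def jarray(vs: List[Node]): Node = NArr(vs)
  def jobject(vs: Map[String, Node]): Node = NObj(vs)

  // The mitigation from the advisory: replace the default hash-based object
  // context with one backed by an ordered map. Lookups and inserts are
  // O(log n) by key comparison, so crafted colliding keys cannot turn an
  // object with n members into O(n^2) work.
  override def objectContext(index: Int): FContext[Node] = new FContext[Node] {
    private var key: String = null                         // pending member name
    private var members = TreeMap.empty[String, Node]      // ordered, not hashed

    // jawn calls this for every string token inside the object: the first
    // string of a pair is the member name, the next is a string value.
    def add(s: CharSequence, index: Int): Unit =
      if (key == null) key = s.toString
      else { members = members.updated(key, jstring(s)); key = null }

    // Non-string values (numbers, nested objects/arrays, literals).
    def add(v: Node, index: Int): Unit = { members = members.updated(key, v); key = null }

    def finish(index: Int): Node = jobject(members)
    def isObj: Boolean = true
  }
}

object SafeParse {
  // Parse with the hardened facade; Try carries any ParseException.
  def parse(json: String): Try[Node] = Parser.parseFromString(json)(CollisionSafeFacade)
}
```

Applications that inherit a facade from a library rather than extending `SimpleFacade` directly need the fix in that library (or the jawn-parser upgrade) instead of this override.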