CVE-2022-42227

Name of the Vulnerable Software and Affected Versions jsonlint version 1.0 MyBatis PageHelper versions 3.5.x through 5.3.x

Description The issue involves a heap-buffer-overflow in jsonlint and a time-blind SQL injection vulnerability in MyBatis PageHelper. The jsonlint vulnerability occurs via the /home/hjsz/jsonlint/src/lexer file. In MyBatis PageHelper, the vulnerability is exploited via the orderBy parameter.

Recommendations For jsonlint version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For MyBatis PageHelper versions 3.5.x through 5.3.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider avoiding the use of the orderBy parameter in the affected API endpoint until the issue is resolved.