PT-2022-6898 · Unknown · Hutool-Json

Zander Huang · Published 2022-12-13 · Updated 2025-09-25 · CVE-2022-45690

CVSS v2.0

7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

hutool-json version 5.8.10

Description

The issue is a stack overflow in the org.json.JSONTokener.nextValue component of the hutool-json library, which can be exploited to cause a Denial of Service (DoS) via crafted JSON or XML data. This can allow a remote attacker to cause a service disruption.

Recommendations

hutool-json version 5.8.10 is affected by a stack overflow vulnerability in the org.json.JSONTokener.nextValue component; consider updating to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-05430
CVE-2022-45690
GHSA-WHGH-G24C-3J5Q

Affected Products

Hutool-Json