PT-2022-6900 · Atlassian · Bitbucket Server+2
Bingdian-So · Published 2022-12-13 · Updated 2025-12-22 · CVE-2022-45688
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
hutool-json version 5.8.10
org.json:json versions prior to 20230227
Bitbucket Data Center and Server versions 7.17.0 through 8.12.0
Description
A stack overflow in the XML.toJSONObject component allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. The issue is related to a buffer overflow in memory and can be exploited by a remote attacker to cause a denial of service. The vulnerability has a high impact on availability, no impact on confidentiality or integrity, and requires no user interaction.
Recommendations
For hutool-json version 5.8.10, consider disabling the XML.toJSONObject component until a patch is available.
For org.json:json, upgrade to version 20230227 or later.
For Bitbucket Data Center and Server:
- Version 7.21: Upgrade to a release greater than or equal to 7.21.16
- Version 8.9: Upgrade to a release greater than or equal to 8.9.4
- Version 8.10: Upgrade to a release greater than or equal to 8.10.4
- Version 8.11: Upgrade to a release greater than or equal to 8.11.3
- Version 8.12: Upgrade to a release greater than or equal to 8.12.1
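For deployments that cannot upgrade yet, an input-side guard is a practical stopgap. The class below is an added illustration, not code from org.json, hutool or Atlassian: it bounds element nesting before the text reaches XML.toJSONObject, so an over-deep document is rejected instead of driving the recursive parser until the stack is exhausted. The limit of 64 and the class name are assumptions.

```java
import org.json.JSONObject;
import org.json.XML;
public final class GuardedXmlToJson {
    // Assumed limit for illustration; set it to the deepest document the
    // application legitimately needs, well below what unbounded recursion accepts.
    static final int MAX_DEPTH = 64;
    // Deepest element nesting in the text. A conservative scan rather than a full
    // XML parse: declarations, comments, PIs and self-closing tags are not counted,
    // anything else shaped like an open tag is. Over-counting only makes the guard stricter.
    static int nestingDepth(String xml) {
        int depth = 0, max = 0, i = 0;
        while (true) {
            int lt = xml.indexOf('<', i);
            if (lt < 0) break;
            int gt = xml.indexOf('>', lt);
            if (gt < 0) break;
            String tag = xml.substring(lt + 1, gt).trim();
            if (tag.startsWith("/")) {
                depth = Math.max(0, depth - 1);
            } else if (!tag.startsWith("?") && !tag.startsWith("!") && !tag.endsWith("/")) {
                depth++;
                if (depth > max) max = depth;
            }
            i = gt + 1;
        }
        return max;
    }
    // Reject over-deep input up front instead of letting the parser recurse on it.
    static JSONObject toJsonGuarded(String xml) {
        int d = nestingDepth(xml);
        if (d > MAX_DEPTH) {
            throw new IllegalArgumentException("XML nesting depth " + d + " exceeds " + MAX_DEPTH);
        }
        return XML.toJSONObject(xml);
    }
    public static void main(String[] args) {
        // Constructed sample inputs: a benign document and one just past the limit.
        System.out.println(toJsonGuarded("<root><a><b>text</b></a></root>"));
        StringBuilder sb = new StringBuilder();
        for (int k = 0; k <= MAX_DEPTH; k++) sb.append("<x>");
        for (int k = 0; k <= MAX_DEPTH; k++) sb.append("</x>");
        try {
            toJsonGuarded(sb.toString());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pre-check applies to any other entry point that feeds untrusted XML to the library; log rejections so a sudden rise in over-deep documents is visible to the SOC.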
Exploit · Fix · DoS · Memory Corruption
Affected Products
- Bitbucket
- Bitbucket Server
- Jira