Upgrade to 20231013
GHSA-4jq9-2xhw-jpx7, score: 8
Summary
A denial of service vulnerability in JSON-Java was discovered by "ClusterFuzz" (https://google.github.io/clusterfuzz/). A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: (1) the parser bug can be used to circumvent a check that is supposed to prevent the key in a JSON object from itself being another JSON object; (2) if a key does end up being a JSON object then it gets converted into a string, using "\" to escape special characters, including "\" itself. So by nesting JSON objects, with a key that is a JSON object that has a key that is a JSON object, and so on, we can get an exponential number of "\" characters in the escaped string.
GHSA-3vqj-43w4-2q58, score: 7.5
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 and org.json:json before version 20230227 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
Read more: https://osv.dev/vulnerability/GHSA-3vqj-43w4-2q58
Upgrade to 1.6.0
GHSA-2qp4-g3q3-f92w, score: 5.3
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Read more: https://osv.dev/vulnerability/GHSA-2qp4-g3q3-f92w
json has a high-severity vulnerability; the version needs to be upgraded: