Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Findings #19

Closed
GanbaruTobi opened this issue Feb 23, 2021 · 2 comments · Fixed by #24
Closed

Findings #19

GanbaruTobi opened this issue Feb 23, 2021 · 2 comments · Fixed by #24

Comments

@GanbaruTobi
Copy link

json-smart in both variants, json-smart-v1 and json-smart-v2, have an uncaught exception in the parser, which can lead to problems like DoS in webserver etc.

CVE-2021-27568

netplex/json-smart-v1#7
netplex/json-smart-v2#60

@fmeum
Copy link
Contributor

fmeum commented Feb 26, 2021

Hey, thanks for your interest in Jazzer and for sharing your findings with it! I will update the findings list.

For the future: If you decide that a bug you find should be considered a vulnerability, please disclose it only after the maintainers of the affected project have fixed the issue (or at least had a reasonable amount of time to do so).

fmeum added a commit that referenced this issue Feb 26, 2021
@fmeum fmeum closed this as completed in #24 Feb 26, 2021
fmeum added a commit that referenced this issue Feb 26, 2021
@GanbaruTobi
Copy link
Author

Indeed. Provided a fix for them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants