CVE-2023-5072
published 2023-10-12

Priority: P339
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.45% (70.0th percentile)
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Affected (13 ranges)

Vendor     Product                                          Version range                              Fixed in
atlassian  bitbucket_data_center                            -                                          -
debian     jenkins-json                                     < libjson-java 3.1.0+dfsg-1 (forky)        libjson-java 3.1.0+dfsg-1 (forky)
debian     libjettison-java                                 < libjson-java 3.1.0+dfsg-1 (forky)        libjson-java 3.1.0+dfsg-1 (forky)
debian     libjson-java                                     < libjson-java 3.1.0+dfsg-1 (forky)        libjson-java 3.1.0+dfsg-1 (forky)
jenkins    deployment_dashboard_plugin                      -                                          -
jenkins    dingding_json_pusher_plugin                      -                                          -
jenkins    htmlresource_plugin                              -                                          -
jenkins    nexus_platform_plugin                            -                                          -
jenkins    openid_connect_authentication_plugin             -                                          -
jenkins    paaslane_estimate_plugin                         -                                          -
jenkins    scriptler_plugin                                 -                                          -
jenkins    synopsys_rapid_scan_static_is_the_only_plugin    -                                          -
stleary    json-java                                        <= 20230618                                -

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            3.1           7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv            -             7.5    HIGH      -
vendor_debian  -             7.5    HIGH      -
vendor_oracle  -             7.5    HIGH      -
vendor_redhat  -             7.5    HIGH      -