cbcvebase.
CVE-2024-21907
published 2024-01-03

CVE-2024-21907: Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the…

PriorityP355high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
32.91%
98.1th percentile
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Affected

5 ranges
VendorProductVersion rangeFixed in
msrcmicrosoft_sql_server_2016_for_x64-based_systems_service_pack_3
msrcmicrosoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea
msrcmicrosoft_sql_server_2017_for_x64-based_systems
msrcmicrosoft_sql_server_2019_for_x64-based_systems
newtonsoftjson.net< 13.0.113.0.1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.