CVE-2024-47855
Published 2024-10-04
CVE-2024-47855: util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Priority P4 · 33 · medium 5.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 15.41% (96.4th percentile)
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libjson-java | < libjson-java 3.1.0+dfsg-1 (forky) | libjson-java 3.1.0+dfsg-1 (forky) |
| jenkins | filesystem_list_parameter_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | simple_queue_plugin | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| osv | 5.3 | MEDIUM | — |
| vendor_debian | 5.3 | MEDIUM | — |
| vendor_redhat | 5.3 | MEDIUM | — |
OSV
CVE-2024-47855: util/JSONTokener
osv · 2024-10-04 · CVSS 5.3 · MEDIUM
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
GHSA
JSON-lib mishandles an unbalanced comment string
ghsa · 2024-10-04 · MEDIUM
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
OSV
JSON-lib mishandles an unbalanced comment string
osv · 2024-10-04 · MEDIUM
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Jenkins
Jenkins Security Advisory 2024-11-27
vendor_jenkins · 2024-11-27 · CVSS 5.3 · MEDIUM
This advisory announces vulnerabilities in the following Jenkins deliverables:
Jenkins (core)
Filesystem List Parameter Plugin
Simple Queue Plugin
Descriptions
Denial of service vulnerability in bundled json-lib
SECURITY-3463 / CVE-2024-47855
Severity (CVS
Red Hat
json-lib: Mishandling of an unbalanced comment string in json-lib
vendor_redhat · 2024-10-04 · CVSS 5.3 · MEDIUM · CWE-1286
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: org.elasticsearch.plugin.prometheus-prometheus-exporter (Logging Subsystem for Red Hat OpenShift) - Fix deferred
Package: net.sf.json-lib/json-lib (Red Hat Data Grid 8) - Will not fix
Package: net.sf.json-lib/json-lib (Red Hat Fuse 7) - Out of support
Debian
CVE-2024-47855: libjson-java - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment ...
vendor_debian · 2024 · CVSS 5.3 · MEDIUM
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.1.0+dfsg-1)
sid: resolved (fixed in 3.1.0+dfsg-1)
trixie: resolved (fixed in 3.1.0+dfsg-1)
No detection rules found.
No public exploits indexed.
Checkpoint
2nd December – Threat Intelligence Report
blogs_checkpoint · 2024-12-02 · tagged CVE-2024-11680
For the latest discoveries in cyber research for the week of 2nd December, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morrisons and Sainsbury’s. The incident affected operations such as employee scheduling and payroll processing. Blue Yonder is collaborating with cybersecurity firms to recover an
Bugzilla
CVE-2024-47855 json-lib: Mishandling of an unbalanced comment string in json-lib
bugzilla · 2024-10-04 · CVSS 5.3 · MEDIUM
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
Discussion:
This issue has been addressed in the following products:
OCP-Tools-4.16-RHEL-9
Via RHSA-2025:2219 https://access.redhat.com/errata/RHSA-2025:2219
---
This issue has been addressed in the following products:
OCP-Tools-4.13-RHEL-8
Via RHSA-2025:2222 https://access.redhat.com/errata/RHSA-2025:2222
---
This issue has been addressed in the following products:
OCP-Tools-4.17-RHEL-9
Via RHSA-2025:2218 https://access.redhat.com/errata/RHSA-2025:2218
---
This issue has been addressed in the following products:
OCP-Tools-4.15-RHEL-8
Via RHSA-2025:2220 https://access.redhat.com/errata/RHSA-2025:2220
---
Published: 2024-10-04