CVE-2022-40149

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-40149

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-40149.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-40149

Aliases

GHSA-56h3-78gp-v83r

Downstream

DEBIAN-CVE-2022-40149

DLA-3184-1

DSA-5312-1

OESA-2023-1914

OESA-2023-1965

RHSA-2023:0552

RHSA-2023:0553

RHSA-2023:0554

RHSA-2023:1043

RHSA-2023:1044

RHSA-2023:1045

RHSA-2023:3610

RHSA-2023:3663

RHSA-2025:4226

RHSA-2025:4437

UBUNTU-CVE-2022-40149

USN-6177-1

openSUSE-SU-2024:12388-1

Related

openSUSE-SU-2024:12388-1

Published

2022-09-16T10:15:09Z

Modified

2025-09-19T14:09:10.751610Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

References

Affected packages

Git / github.com/jettison-json/jettison

Affected ranges

Type: GIT
Repo: https://github.com/jettison-json/jettison
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2b536fa46428bc7929aec8cb789f544337375593

Affected versions

jettison-1.*

jettison-1.3.8

jettison-1.4.0