OESA-2023-1914

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1914
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1914.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1914
Upstream
Published
2023-12-15T11:06:28Z
Modified
2025-08-12T05:14:54.685209Z
Summary
jettison security update
Details

Jettison is a collection of Java APIs (like STaX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream.

Security Fix(es):

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.(CVE-2022-40149)

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.(CVE-2022-40150)

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.(CVE-2022-45685)

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.(CVE-2022-45693)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1

jettison

Package

Name
jettison
Purl
pkg:rpm/openEuler/jettison&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-1.oe1

Ecosystem specific 

{
    "noarch": [
        "jettison-1.5.4-1.oe1.noarch.rpm",
        "jettison-javadoc-1.5.4-1.oe1.noarch.rpm"
    ],
    "src": [
        "jettison-1.5.4-1.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3

jettison

Package

Name
jettison
Purl
pkg:rpm/openEuler/jettison&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-1.oe1

Ecosystem specific 

{
    "noarch": [
        "jettison-1.5.4-1.oe1.noarch.rpm",
        "jettison-javadoc-1.5.4-1.oe1.noarch.rpm"
    ],
    "src": [
        "jettison-1.5.4-1.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS

jettison

Package

Name
jettison
Purl
pkg:rpm/openEuler/jettison&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-1.oe2203sp2

Ecosystem specific 

{
    "noarch": [
        "jettison-1.5.4-1.oe2203.noarch.rpm",
        "jettison-javadoc-1.5.4-1.oe2203.noarch.rpm",
        "jettison-javadoc-1.5.4-1.oe2203sp1.noarch.rpm",
        "jettison-1.5.4-1.oe2203sp1.noarch.rpm",
        "jettison-javadoc-1.5.4-1.oe2203sp2.noarch.rpm",
        "jettison-1.5.4-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "jettison-1.5.4-1.oe2203.src.rpm",
        "jettison-1.5.4-1.oe2203sp1.src.rpm",
        "jettison-1.5.4-1.oe2203sp2.src.rpm"
    ]
}

openEuler:22.03-LTS-SP1

jettison

Package

Name
jettison
Purl
pkg:rpm/openEuler/jettison&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-1.oe2203sp1

Ecosystem specific 

{
    "noarch": [
        "jettison-javadoc-1.5.4-1.oe2203sp1.noarch.rpm",
        "jettison-1.5.4-1.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "jettison-1.5.4-1.oe2203sp1.src.rpm"
    ]
}

openEuler:22.03-LTS-SP2

jettison

Package

Name
jettison
Purl
pkg:rpm/openEuler/jettison&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-1.oe2203sp2

Ecosystem specific 

{
    "noarch": [
        "jettison-javadoc-1.5.4-1.oe2203sp2.noarch.rpm",
        "jettison-1.5.4-1.oe2203sp2.noarch.rpm"
    ],
    "src": [
        "jettison-1.5.4-1.oe2203sp2.src.rpm"
    ]
}