OESA-2023-1966

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1966

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1966.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1966

Upstream

CVE-2023-1436

Published

2023-12-22T11:06:34Z

Modified

2025-08-12T05:17:37.044344Z

Summary

jettison security update

Details

Jettison is a collection of Java APIs (like STaX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream.

Security Fix(es):

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

(CVE-2023-1436)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS / jettison

Package

Name: jettison
Purl: pkg:rpm/openEuler/jettison&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-1.oe2203

Ecosystem specific

{
    "src": [
        "jettison-1.5.4-1.oe2203.src.rpm"
    ],
    "noarch": [
        "jettison-javadoc-1.5.4-1.oe2203.noarch.rpm",
        "jettison-1.5.4-1.oe2203.noarch.rpm"
    ]
}