Vulnerability Details CVE-2018-18854
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields (with keys that have the same hash code).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-18854
-
cpe:2.3:a:lightbend:spray-json:0.5.0
-
cpe:2.3:a:lightbend:spray-json:0.5.1
-
cpe:2.3:a:lightbend:spray-json:0.5.2
-
cpe:2.3:a:lightbend:spray-json:0.5.3
-
cpe:2.3:a:lightbend:spray-json:0.5.4
-
cpe:2.3:a:lightbend:spray-json:1.0.0
-
cpe:2.3:a:lightbend:spray-json:1.0.1
-
cpe:2.3:a:lightbend:spray-json:1.1.0
-
cpe:2.3:a:lightbend:spray-json:1.1.1
-
cpe:2.3:a:lightbend:spray-json:1.2
-
cpe:2.3:a:lightbend:spray-json:1.2.1
-
cpe:2.3:a:lightbend:spray-json:1.2.2
-
cpe:2.3:a:lightbend:spray-json:1.2.3
-
cpe:2.3:a:lightbend:spray-json:1.2.4
-
cpe:2.3:a:lightbend:spray-json:1.2.5
-
cpe:2.3:a:lightbend:spray-json:1.2.6
-
cpe:2.3:a:lightbend:spray-json:1.3.0
-
cpe:2.3:a:lightbend:spray-json:1.3.1
-
cpe:2.3:a:lightbend:spray-json:1.3.2
-
cpe:2.3:a:lightbend:spray-json:1.3.3
-
cpe:2.3:a:lightbend:spray-json:1.3.4