CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21653

Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.0%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 5.0

References

Products affected by CVE-2022-21653

Typelevel » Jawn » Version: 0.10.0

cpe:2.3:a:typelevel:jawn:0.10.0
Typelevel » Jawn » Version: 0.10.1

cpe:2.3:a:typelevel:jawn:0.10.1
Typelevel » Jawn » Version: 0.10.2

cpe:2.3:a:typelevel:jawn:0.10.2
Typelevel » Jawn » Version: 0.10.3

cpe:2.3:a:typelevel:jawn:0.10.3
Typelevel » Jawn » Version: 0.10.4

cpe:2.3:a:typelevel:jawn:0.10.4
Typelevel » Jawn » Version: 0.11.0

cpe:2.3:a:typelevel:jawn:0.11.0
Typelevel » Jawn » Version: 0.11.1

cpe:2.3:a:typelevel:jawn:0.11.1
Typelevel » Jawn » Version: 0.12.0

cpe:2.3:a:typelevel:jawn:0.12.0
Typelevel » Jawn » Version: 0.12.1

cpe:2.3:a:typelevel:jawn:0.12.1
Typelevel » Jawn » Version: 0.12.2

cpe:2.3:a:typelevel:jawn:0.12.2
Typelevel » Jawn » Version: 0.13.0

cpe:2.3:a:typelevel:jawn:0.13.0
Typelevel » Jawn » Version: 0.14.0

cpe:2.3:a:typelevel:jawn:0.14.0
Typelevel » Jawn » Version: 0.14.1

cpe:2.3:a:typelevel:jawn:0.14.1
Typelevel » Jawn » Version: 0.14.2

cpe:2.3:a:typelevel:jawn:0.14.2
Typelevel » Jawn » Version: 0.14.3

cpe:2.3:a:typelevel:jawn:0.14.3
Typelevel » Jawn » Version: 0.5.0

cpe:2.3:a:typelevel:jawn:0.5.0
Typelevel » Jawn » Version: 0.5.1

cpe:2.3:a:typelevel:jawn:0.5.1
Typelevel » Jawn » Version: 0.5.3

cpe:2.3:a:typelevel:jawn:0.5.3
Typelevel » Jawn » Version: 0.5.4

cpe:2.3:a:typelevel:jawn:0.5.4
Typelevel » Jawn » Version: 0.5.5

cpe:2.3:a:typelevel:jawn:0.5.5
Typelevel » Jawn » Version: 0.6.0

cpe:2.3:a:typelevel:jawn:0.6.0
Typelevel » Jawn » Version: 0.7.0

cpe:2.3:a:typelevel:jawn:0.7.0
Typelevel » Jawn » Version: 0.7.1

cpe:2.3:a:typelevel:jawn:0.7.1
Typelevel » Jawn » Version: 0.7.2

cpe:2.3:a:typelevel:jawn:0.7.2
Typelevel » Jawn » Version: 0.7.4

cpe:2.3:a:typelevel:jawn:0.7.4
Typelevel » Jawn » Version: 0.8.0

cpe:2.3:a:typelevel:jawn:0.8.0
Typelevel » Jawn » Version: 0.8.1

cpe:2.3:a:typelevel:jawn:0.8.1
Typelevel » Jawn » Version: 0.8.2

cpe:2.3:a:typelevel:jawn:0.8.2
Typelevel » Jawn » Version: 0.8.3

cpe:2.3:a:typelevel:jawn:0.8.3
Typelevel » Jawn » Version: 0.8.4

cpe:2.3:a:typelevel:jawn:0.8.4
Typelevel » Jawn » Version: 0.9.0

cpe:2.3:a:typelevel:jawn:0.9.0
Typelevel » Jawn » Version: 1.0.0

cpe:2.3:a:typelevel:jawn:1.0.0
Typelevel » Jawn » Version: 1.0.1

cpe:2.3:a:typelevel:jawn:1.0.1
Typelevel » Jawn » Version: 1.0.2

cpe:2.3:a:typelevel:jawn:1.0.2
Typelevel » Jawn » Version: 1.0.3

cpe:2.3:a:typelevel:jawn:1.0.3
Typelevel » Jawn » Version: 1.1.0

cpe:2.3:a:typelevel:jawn:1.1.0
Typelevel » Jawn » Version: 1.1.1

cpe:2.3:a:typelevel:jawn:1.1.1
Typelevel » Jawn » Version: 1.1.2

cpe:2.3:a:typelevel:jawn:1.1.2
Typelevel » Jawn » Version: 1.2.0

cpe:2.3:a:typelevel:jawn:1.2.0
Typelevel » Jawn » Version: 1.3.0

cpe:2.3:a:typelevel:jawn:1.3.0
Typelevel » Jawn » Version: 1.3.1

cpe:2.3:a:typelevel:jawn:1.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21653

Products

Pricing

Contact Us