CVE-2019-1010239
7.5
HIGH
CVSS 3.1
EPSS 0.66%
Description
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.
How to fix CVE-2019-1010239
To remediate CVE-2019-1010239, upgrade the affected package to a fixed version below.
- Debian/cjson—upgrade to 1.7.10-1 or later
Is CVE-2019-1010239 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.7.10-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |