CVE-2022-45690 — hutool-json stack overflow vulnerability

Description

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.

How to fix CVE-2022-45690

To remediate CVE-2022-45690, upgrade the affected package to a fixed version below.

Maven/cn.hutool:hutool-json—upgrade to 5.8.11 or later

Is CVE-2022-45690 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 5.8.11

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-45690
PATCHgithub.com/dromara/hutool
WEBgithub.com/dromara/hutool/issues/2746
WEBgithub.com/stleary/JSON-java/commit/7a124d857dc8da1165c87fa788e53359a317d0f7
WEB