CGA-hwmr-55j2-h7vv

Published

Last updated

https://images.chainguard.dev/security/CGA-hwmr-55j2-h7vv

Package

druid

Latest Update

Pending upstream fix

Aliases

CVE-2022-40150
GHSA-x27m-9w8j-5vcw

Severity

7.5

High

CVSS V3

Summary

Jettison memory exhaustion

Description

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-40150
https://github.com/advisories/GHSA-x27m-9w8j-5vcw
https://github.com/jettison-json/jettison/issues/45
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549
https://github.com/jettison-json/jettison
https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html
https://www.debian.org/security/2023/dsa-5312

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-hwmr-55j2-h7vv

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources