CGA-q59p-3x22-vmq4

Published

Last updated

https://images.chainguard.dev/security/CGA-q59p-3x22-vmq4

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2023-1436
GHSA-q6g2-g7f3-rr83

Severity

Unknown

Summary

Jettison vulnerable to infinite recursion

Description

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1436
https://github.com/advisories/GHSA-q6g2-g7f3-rr83
https://github.com/jettison-json/jettison/issues/60
https://github.com/jettison-json/jettison/pull/62
https://github.com/jettison-json/jettison
https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.4
https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-q59p-3x22-vmq4

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources