Jawn is an open source JSON parser. Extenders of org.typelevel.jawn.SimpleFacade and org.typelevel.jawn.MutableFacade who don't override objectContext() are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. jawn-parser-1.3.1 fixes this issue and users are advised to upgrade. Users unable to upgrade should override objectContext() to use a collision-safe collection.
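
One way to apply the workaround above, shown as an added example (it is not Jawn's own code and not the 1.3.1 patch): a mixin that overrides objectContext() so object fields accumulate in a sorted TreeMap, whose insert cost does not depend on key hash codes. The trait name is hypothetical, and the no-argument objectContext() and FContext.NoIndexFContext shapes are assumed from the Jawn 1.x API.

```scala
// Added example: requires jawn-parser on the classpath.
import org.typelevel.jawn.{FContext, SimpleFacade}
import scala.collection.immutable.TreeMap

// Hypothetical mixin name; not part of Jawn.
trait CollisionSafeObjectContext[J] extends SimpleFacade[J] {

  // Assumed signature: the no-argument objectContext() named in the advisory.
  override def objectContext(): FContext[J] =
    new FContext.NoIndexFContext[J] {
      // Key of the field being parsed; null while a key is expected next.
      private[this] var key: String = null
      // TreeMap orders keys by String comparison, so an insert costs
      // O(log n) comparisons no matter how many keys share a hash code.
      private[this] var fields = TreeMap.empty[String, J]

      // Strings arrive here both as field names and as string values.
      def add(s: CharSequence): Unit =
        if (key == null) key = s.toString
        else { fields = fields.updated(key, jstring(s)); key = null }

      // Non-string values: numbers, booleans, arrays, nested objects.
      def add(v: J): Unit = { fields = fields.updated(key, v); key = null }

      // Hand the sorted map to the facade's own object constructor.
      def finish(): J = jobject(fields)
      def isObj: Boolean = true
    }
}
```

Mix the trait into an existing facade after SimpleFacade so that its override takes effect. The protection holds only if the facade's jobject keeps the map it is given rather than copying the fields into a hash-based collection.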
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jawn | Typelevel | * | 1.3.2 (excluding) |