CVE-2022-25024

Published: Aug 22, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.

Affected (1)

Products: Vinitkumar: Json2xml

Vinitkumar

1 product

Json2xml

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vinitkumar Json2xml	Up to 3.12.0

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (8)

https://github.com/vinitkumar/json2xml/issues/106

Source: cve@mitre.org

ExploitIssue TrackingPatch

https://github.com/vinitkumar/json2xml/pull/107

Source: cve@mitre.org

Issue TrackingPatch

https://github.com/vinitkumar/json2xml/pull/107/files

Source: cve@mitre.org

Patch

https://packaging.python.org/en/latest/guides/analyzing-pypi-package-downloads/

Source: cve@mitre.org

Product

https://github.com/vinitkumar/json2xml/issues/106

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatch

https://github.com/vinitkumar/json2xml/pull/107

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://github.com/vinitkumar/json2xml/pull/107/files

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://packaging.python.org/en/latest/guides/analyzing-pypi-package-downloads/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.