Vulnerability

CVE-2021-27568

Report advisory or correction

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754

References

https://github.com/netplex/json-smart-v1/issues/7

https://github.com/netplex/json-smart-v1/pull/8

https://github.com/netplex/json-smart-v2/issues/60

https://github.com/netplex/json-smart-v2/pull/61

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27568

[CVE-2021-27568] CWE-754: Improper Check for Unusual or Exceptional Conditions

Description

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

See net.minidev/json-smart package information