Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack, which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. Users who are unable to upgrade should override `objectContext()` to use a collision-safe collection.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.typelevel:jawn-parser_0.25 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parserg (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_0.27 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_2.10 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_2.11 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_2.12 (Maven) | 0 | 1.3.2 | N/A |
| org.typelevel:jawn-parser_2.13 (Maven) | 0 | 1.3.2 | N/A |
| org.typelevel:jawn-parser_2.13.0-M5 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_2.13.0-RC1 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_2.13.0-RC2 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_2.13.0-RC3 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_3 (Maven) | 0 | 1.3.2 | N/A |
| org.typelevel:jawn-parser_3.0.0-M1 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_3.0.0-M2 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_3.0.0-M3 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_3.0.0-RC1 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_3.0.0-RC2 (Maven) | 0 | N/A | N/A |
| org.typelevel:jawn-parser_3.0.0-RC3 (Maven) | 0 | N/A | N/A |
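
For triaging captured request bodies against the hash collision issue described above, the following added example (not part of the advisory or of the Jawn project) reports how many distinct keys of any one JSON object share a hash value. It assumes the affected object collection buckets keys by the JVM `String.hashCode`; the function names, the threshold and the sample documents are constructed for illustration.

```python
import json
from collections import Counter


def java_string_hash(s: str) -> int:
    """JVM String.hashCode: h = 31*h + code_unit over UTF-16, signed 32-bit."""
    data = s.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF
    return h - (1 << 32) if h >= (1 << 31) else h


def worst_key_collisions(json_text: str) -> int:
    """Largest count of distinct keys in a single object with the same hash."""
    worst = 0

    def inspect(pairs):
        nonlocal worst
        distinct_keys = {key for key, _ in pairs}
        buckets = Counter(java_string_hash(key) for key in distinct_keys)
        if buckets:
            worst = max(worst, max(buckets.values()))
        return dict(pairs)

    # object_pairs_hook is called for every object, including nested ones.
    json.loads(json_text, object_pairs_hook=inspect)
    return worst


def is_suspicious(json_text: str, threshold: int = 3) -> bool:
    """Assumed policy: flag a body once `threshold` keys collide in one object."""
    return worst_key_collisions(json_text) >= threshold


# Constructed sample bodies.
BENIGN = '{"id": 1, "name": "x", "tags": {"a": 1, "b": 2}}'
COLLIDING = '{"outer": {"AaAa": 1, "AaBB": 2, "BBAa": 3, "BBBB": 4, "ok": 5}}'

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("colliding", COLLIDING)):
        print(label, worst_key_collisions(body), is_suspicious(body))
```

Ordinary payloads report 1; a large value on an object with many keys is the pattern worth alerting on.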
CVSS Metrics