CVE-2021-27568 Security Details

CVE ID

CVE-2021-27568

CWE

CWE-754

CVE Description

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

Published

Mar 1, 2021

CVSS Score & Severity

5.9Medium

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.698%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Vulnerable Methods

net/minidev/json/parser/JSONParserBase.extractFloat()Ljava/lang/Number;

JVM

Affected Ecosystems

affected

Source

National Vulnerability Database

References

GitHub · Issue #7PROJECT

GitHub · PR #8PROJECT

GitHub · Issue #60PROJECT

GitHub · PR #61PROJECT