Home > Vulnerability Database > CVE-2023-51074

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-51074

Good to know:

Date: December 26, 2023

json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.

Language: Java

Severity Score

5.3

Related Resources (6)

Url: https://github.com/json-path/JsonPath/releases/tag/json-path-2.9.0

Url: https://github.com/json-path/JsonPath/issues/973

Url: https://github.com/json-path/JsonPath

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-51074

Url: https://github.com/json-path/JsonPath/commit/71a09c1193726c010917f1157ecbb069ad6c3e3b

Url: https://www.mend.io/vulnerability-database/CVE-2023-51074

Severity Score

5.3

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version com.jayway.jsonpath:json-path:2.9.0

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Do you need more information?

Contact Us