Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.tencyle.fixes:org.codehaus.jettison--jettison | maven | = 1.1-tencyle-2.1.0 | |
The vulnerability stems from improper handling of unterminated comments during JSON parsing. The fix in PR #49 addresses this by adding termination checks to JSONArray's parsing logic. The mapping to CWE-121 (stack overflow) and the OSS-Fuzz crash reports corroborate that uncontrolled recursion depth in parsing functions such as nextValue is the root cause. The Debian security advisory and the jettison-1.5.1 release notes confirm that this was a critical fix for the stack overflow vulnerability.