Cx46691637-14e8 @ Nuget-Newtonsoft.Json-9.0.1 #9
Description
Vulnerable Package issue exists @ Nuget-Newtonsoft.Json-9.0.1 in branch master
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.
Namespace: ytang1-godaddy
Repository: aws-cdk-examples
Repository Url: https://github.com/ytang1-godaddy/aws-cdk-examples
CxAST-Project: ytang1-godaddy/aws-cdk-examples
CxAST platform scan: 1cfbbe99-19ba-4d92-b481-354c9053d01f
Branch: master
Application: aws-cdk-examples
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-755
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 13.0.1
References
Advisory
Issue
Pull request
Commit
Release Note