An update for json-smart is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1224 Final 1.0 1.0 2023-04-14 Initial 2023-04-14 2023-04-14 openEuler SA Tool V1.0 2023-04-14 json-smart security update An update for json-smart is now available for openEuler-22.03-LTS. Json-smart is a performance focused, JSON processor lib. Security Fix(es): [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.(CVE-2023-1370) An update for json-smart is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High json-smart https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1224 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1370 https://nvd.nist.gov/vuln/detail/CVE-2023-1370 openEuler-22.03-LTS json-smart-2.2-2.oe2203.noarch.rpm json-smart-javadoc-2.2-2.oe2203.noarch.rpm json-smart-2.2-2.oe2203.src.rpm [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. 2023-04-14 CVE-2023-1370 openEuler-22.03-LTS High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H json-smart security update 2023-04-14 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1224