An update for jettison is now available for openEuler-22.03-LTS-SP2
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1968
Final
1.0
1.0
2023-12-22
Initial
2023-12-22
2023-12-22
openEuler SA Tool V1.0
2023-12-22
jettison security update
An update for jettison is now available for openEuler-22.03-LTS-SP2.
Jettison is a collection of Java APIs (like StAX and DOM) which read and write JSON. This allows nearly transparent enablement of JSON-based web services in service frameworks like CXF or XML serialization frameworks like XStream.
Security Fix(es):
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
(CVE-2023-1436)
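The following Java program is an added illustration and is not part of the advisory or of the Jettison project. It builds the kind of input the description refers to (a List that contains itself), applies an identity-based cycle check that an application can run before handing an untrusted object graph to JSONArray(Collection), and then reports what Jettison does with the input. The check goes beyond the advisory's direct self-reference and also catches indirect cycles (A contains B contains A) while accepting shared-but-acyclic nodes. The class and method names, the sample inputs and the behaviour attributed to the fixed build are assumptions; the advisory itself only states that unpatched versions end in a StackOverflowError.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.codehaus.jettison.json.JSONArray;

// Added example for CVE-2023-1436; class and method names are assumptions,
// not Jettison API.
public class JettisonSelfReference {

    // True if the object graph rooted at `root` contains a cycle through
    // Collection or Map values. Identity-based, so two equal but distinct
    // lists are not mistaken for a cycle, and a node shared by two parents
    // (a DAG) is accepted.
    static boolean containsCycle(Object root) {
        Set<Object> onPath = Collections.newSetFromMap(new IdentityHashMap<Object, Boolean>());
        return walk(root, onPath);
    }

    private static boolean walk(Object node, Set<Object> onPath) {
        Iterable<?> children;
        if (node instanceof Collection) {
            children = (Collection<?>) node;
        } else if (node instanceof Map) {
            children = ((Map<?, ?>) node).values();
        } else {
            return false;                 // leaf value: String, Number, Boolean, null, ...
        }
        if (!onPath.add(node)) {
            return true;                  // node is already on the current path: cycle
        }
        for (Object child : children) {
            if (walk(child, onPath)) {
                return true;
            }
        }
        onPath.remove(node);              // backtrack so shared acyclic nodes are fine
        return false;
    }

    // Hand a collection to Jettison's JSONArray(Collection) and describe the result.
    // Catching StackOverflowError is only for the demonstration: in production code
    // it is not a reliable recovery path, which is why the cycle check runs first.
    static String tryJettison(Collection<?> input) {
        try {
            return "serialized: " + new JSONArray(input).toString();
        } catch (StackOverflowError e) {
            return "StackOverflowError (unpatched Jettison, CVE-2023-1436)";
        } catch (Exception e) {
            // Assumption: a fixed build (1.5.4+) rejects the self-reference with
            // an exception instead of recursing; exact type and message not asserted.
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) {
        // Constructed input: a list whose second element is the list itself.
        List<Object> evil = new ArrayList<>();
        evil.add("harmless");
        evil.add(evil);

        // Constructed input: the same inner list appears twice (shared node, no cycle).
        List<Object> inner = new ArrayList<>();
        inner.add(1);
        List<Object> dag = new ArrayList<>();
        dag.add(inner);
        dag.add(inner);

        System.out.println("evil contains cycle: " + containsCycle(evil)); // true
        System.out.println("dag contains cycle:  " + containsCycle(dag));  // false

        System.out.println("jettison on dag:  " + tryJettison(dag));

        // Guard: refuse cyclic input before Jettison recurses into it.
        if (containsCycle(evil)) {
            System.out.println("refusing to serialize a self-referencing collection");
        } else {
            System.out.println("jettison on evil: " + tryJettison(evil));
        }

        // Only to show the failure mode described in the advisory: bypass the guard.
        System.out.println("jettison on evil (unguarded): " + tryJettison(evil));
    }
}
```

Compile and run with the installed jettison jar on the classpath (for the openEuler package, the jar path under /usr/share/java is an assumption; check it with `rpm -ql jettison`). On a build older than 1.5.4 the last line reports the StackOverflowError; the cycle check in front of it is what keeps the failure out of a request-handling thread regardless of the library version.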
An update for jettison is now available for openEuler-22.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of High. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
jettison
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1968
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1436
https://nvd.nist.gov/vuln/detail/CVE-2023-1436
openEuler-22.03-LTS-SP2
jettison-1.5.4-1.oe2203sp2.noarch.rpm
jettison-javadoc-1.5.4-1.oe2203sp2.noarch.rpm
jettison-1.5.4-1.oe2203sp2.src.rpm
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
2023-12-22
CVE-2023-1436
openEuler-22.03-LTS-SP2
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
jettison security update
2023-12-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1968