{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-47855", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-07T19:16:27.375Z", "dateReserved": "2024-10-04T00:00:00", "datePublished": "2024-10-04T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-10-04T05:47:27.860241"}, "descriptions": [{"lang": "en", "value": "util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e"}, {"url": "https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T16:10:57.219946Z", "id": "CVE-2024-47855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T19:16:27.375Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-47855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T16:10:57.219946Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T16:11:05.373Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e"}, {"url": "https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0"}], "descriptions": [{"lang": "en", "value": "util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-10-04T05:47:27.860241"}}}, "cveMetadata": {"cveId": "CVE-2024-47855", "state": "PUBLISHED", "dateUpdated": "2024-11-07T19:16:27.375Z", "dateReserved": "2024-10-04T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-10-04T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string."}, {"lang": "es", "value": "util/JSONTokener.java en JSON-lib anterior a 3.1.0 maneja incorrectamente una cadena de comentarios desequilibrada."}], "id": "CVE-2024-47855", "lastModified": "2024-11-07T20:35:11.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-10-04T06:15:04.093", "references": [{"source": "cve@mitre.org", "url": "https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e"}, {"source": "cve@mitre.org", "url": "https://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2025:2223", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-0:2.479.3.1740464431-3.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2223", "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8", "package": "jenkins-2-plugins-0:4.12.1740464689-1.el8", "product_name": "OCP-Tools-4.12-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2222", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-0:2.479.3.1740464433-3.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2222", "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8", "package": "jenkins-2-plugins-0:4.13.1740464698-1.el8", "product_name": "OCP-Tools-4.13-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2221", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-0:2.479.3.1740109575-3.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2221", "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8", "package": "jenkins-2-plugins-0:4.14.1740109868-1.el8", "product_name": "OCP-Tools-4.14-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2220", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-0:2.479.3.1740051993-3.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2220", "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8", "package": "jenkins-2-plugins-0:4.15.1740052174-1.el8", "product_name": "OCP-Tools-4.15-RHEL-8", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2219", "cpe": "cpe:/a:redhat:ocp_tools:4.16::el9", "package": "jenkins-0:2.479.3.1739896390-3.el9", "product_name": "OCP-Tools-4.16-RHEL-9", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2219", "cpe": "cpe:/a:redhat:ocp_tools:4.16::el9", "package": "jenkins-2-plugins-0:4.16.1739896683-1.el9", "product_name": "OCP-Tools-4.16-RHEL-9", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2218", "cpe": "cpe:/a:redhat:ocp_tools:4.17::el9", "package": "jenkins-0:2.479.3.1739859586-3.el9", "product_name": "OCP-Tools-4.17-RHEL-9", "release_date": "2025-03-04T00:00:00Z"}, {"advisory": "RHSA-2025:2218", "cpe": "cpe:/a:redhat:ocp_tools:4.17::el9", "package": "jenkins-2-plugins-0:4.17.1739859908-1.el9", "product_name": "OCP-Tools-4.17-RHEL-9", "release_date": "2025-03-04T00:00:00Z"}], "bugzilla": {"description": "json-lib: Mishandling of an unbalanced comment string in json-lib", "id": "2316421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316421"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-1286", "details": ["util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.", "A flaw was found in JSON-lib's JSONTokener component. This vulnerability allows a denial of service via an unbalanced comment string."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-47855", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Fix deferred", "package_name": "org.elasticsearch.plugin.prometheus-prometheus-exporter", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Out of support scope", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Fix deferred", "package_name": "net.sf.json-lib/json-lib", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Out of support scope", "package_name": "net.sf.json-lib/json-lib", "product_name": "streams for Apache Kafka"}], "public_date": "2024-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47855\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47855\nhttps://github.com/advisories/GHSA-wwcp-26wc-3fxm\nhttps://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e\nhttps://github.com/kordamp/json-lib/compare/v3.0.3...v3.1.0"], "threat_severity": "Moderate"}