[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-1370":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":39,"downstream":40,"duplicates":57,"related":58,"reserved_at":9,"published_at":75,"modified_at":76,"state":77,"summary":78,"references_raw":86,"kevs":141,"epss":142,"epss_history":145,"metrics":393,"affected":403},"CVE-2023-1370","[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.\n\nWhen reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively.\n\nIt was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-674","Uncontrolled Recursion","The product does not properly control the amount of recursion that takes place,  consuming excessive resources, such as allocated memory or the program stack.","weakness","Draft","Class",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":24,"name":25,"techniques":26},"CAPEC-231","Oversized Serialized Data Payloads",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_0FB7D5486CD2C15D","Exploit Reference (research.jfrog.com)","reference","https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/","unknown",0.2,false,[],[38],"GHSA-493p-pfq6-5258",[],[41,43,45,47,49,51,53,55],{"_key":42},"UBUNTU-CVE-2023-1370",{"_key":44},"USN-6011-1",{"_key":46},"DLA-3373-1",{"_key":48},"RHSA-2023:3362",{"_key":50},"RHSA-2023:3622",{"_key":52},"DEBIAN-CVE-2023-1370",{"_key":54},"RHSA-2023:3663",{"_key":56},"RHSA-2023:3610",[],[59,61,63,65,67,69,71,73],{"_key":60},"CGA-4Q66-WFWV-4PRH",{"_key":62},"CGA-97FQ-P5P8-PRGR",{"_key":64},"CGA-C3JP-34PX-F3R6",{"_key":66},"CGA-F3C9-JR4V-WVFR",{"_key":68},"CGA-PJCG-Q8WF-65FX",{"_key":70},"CGA-QQ4C-GXPR-3WPP",{"_key":72},"CGA-X6H8-R56R-GM66",{"_key":74},"CGA-M9JQ-CJ7X-J3FW","2023-03-13T09:04:36.365Z","2025-02-27T19:09:50.662Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":79,"epss_score":80,"severity":81,"severity_score":82,"severity_version":83,"severity_source":84,"severity_vector":85,"severity_status":77},"low",0.00015,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[87,93,97,103,108,112,116,120,125,129,133,137],{"url":32,"sources":88,"tags":90},[84,89],"nvd",[91,92],"Exploit","Third Party Advisory",{"url":94,"sources":95,"tags":96},"https://security.netapp.com/advisory/ntap-20240621-0006/",[84,89],[],{"url":98,"sources":99,"tags":101},"https://github.com/oswaldobapvicjr/jsonmerge/security/advisories/GHSA-493p-pfq6-5258",[100],"osv_maven",[102],"WEB",{"url":104,"sources":105,"tags":106},"https://nvd.nist.gov/vuln/detail/CVE-2023-1370",[100],[107],"Advisory",{"url":109,"sources":110,"tags":111},"https://github.com/netplex/json-smart-v2/issues/137",[100],[102],{"url":113,"sources":114,"tags":115},"https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a",[100],[102],{"url":117,"sources":118,"tags":119},"https://github.com/netplex/json-smart-v2/commit/e2791ae506a57491bc856b439d706c81e45adcf8",[100],[102],{"url":121,"sources":122,"tags":123},"https://github.com/oswaldobapvicjr/jsonmerge",[100],[124],"PACKAGE",{"url":126,"sources":127,"tags":128},"https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633",[100],[102],{"url":130,"sources":131,"tags":132},"https://security.netapp.com/advisory/ntap-20240621-0006",[100],[102],{"url":134,"sources":135,"tags":136},"https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748",[100],[102],{"url":138,"sources":139,"tags":140},"https://www.cve.org/CVERecord?id=CVE-2023-1370",[100],[102],[],{"date":143,"score":80,"percentile":144},"2026-06-04",0.02973,[146,150,153,156,159,162,164,167,170,173,175,178,181,184,187,191,194,197,200,203,206,209,212,215,217,220,223,226,229,232,235,238,241,244,247,249,252,255,258,261,264,266,269,271,273,276,278,280,282,284,287,290,292,294,297,299,301,304,307,309,311,313,315,318,321,325,328,331,334,337,340,343,345,348,350,352,355,358,361,364,367,370,372,374,377,379,382,385,387,390],{"date":147,"score":148,"percentile":149},"2025-11-04",0.00012,0.01231,{"date":151,"score":148,"percentile":152},"2025-11-05",0.01251,{"date":154,"score":148,"percentile":155},"2025-11-06",0.01263,{"date":157,"score":148,"percentile":158},"2025-11-07",0.01266,{"date":160,"score":148,"percentile":161},"2025-11-08",0.01268,{"date":163,"score":148,"percentile":158},"2025-11-09",{"date":165,"score":148,"percentile":166},"2025-11-10",0.01256,{"date":168,"score":148,"percentile":169},"2025-11-11",0.01261,{"date":171,"score":148,"percentile":172},"2025-11-12",0.01262,{"date":174,"score":148,"percentile":161},"2025-11-13",{"date":176,"score":148,"percentile":177},"2025-11-14",0.01282,{"date":179,"score":148,"percentile":180},"2025-11-15",0.01297,{"date":182,"score":148,"percentile":183},"2025-11-16",0.01296,{"date":185,"score":148,"percentile":186},"2025-11-17",0.01288,{"date":188,"score":189,"percentile":190},"2025-11-18",0.0044,0.60515,{"date":192,"score":189,"percentile":193},"2025-11-19",0.60526,{"date":195,"score":189,"percentile":196},"2025-11-20",0.60516,{"date":198,"score":148,"percentile":199},"2025-11-21",0.01341,{"date":201,"score":148,"percentile":202},"2025-11-22",0.01339,{"date":204,"score":148,"percentile":205},"2025-11-23",0.01327,{"date":207,"score":148,"percentile":208},"2025-11-24",0.01321,{"date":210,"score":148,"percentile":211},"2025-11-25",0.01316,{"date":213,"score":148,"percentile":214},"2025-11-26",0.01254,{"date":216,"score":148,"percentile":214},"2025-11-27",{"date":218,"score":148,"percentile":219},"2025-11-28",0.01258,{"date":221,"score":148,"percentile":222},"2025-11-29",0.01294,{"date":224,"score":148,"percentile":225},"2025-11-30",0.01304,{"date":227,"score":148,"percentile":228},"2025-12-01",0.01331,{"date":230,"score":148,"percentile":231},"2025-12-02",0.01326,{"date":233,"score":148,"percentile":234},"2025-12-03",0.01329,{"date":236,"score":148,"percentile":237},"2025-12-04",0.01303,{"date":239,"score":148,"percentile":240},"2025-12-05",0.0132,{"date":242,"score":148,"percentile":243},"2025-12-06",0.01324,{"date":245,"score":148,"percentile":246},"2025-12-07",0.01322,{"date":248,"score":148,"percentile":246},"2025-12-08",{"date":250,"score":148,"percentile":251},"2025-12-09",0.01335,{"date":253,"score":148,"percentile":254},"2025-12-10",0.01348,{"date":256,"score":148,"percentile":257},"2025-12-11",0.01338,{"date":259,"score":148,"percentile":260},"2025-12-12",0.01337,{"date":262,"score":148,"percentile":263},"2025-12-13",0.01323,{"date":265,"score":148,"percentile":246},"2025-12-14",{"date":267,"score":148,"percentile":268},"2025-12-15",0.01318,{"date":270,"score":148,"percentile":243},"2025-12-16",{"date":272,"score":148,"percentile":243},"2025-12-17",{"date":274,"score":148,"percentile":275},"2025-12-18",0.01313,{"date":277,"score":148,"percentile":268},"2025-12-19",{"date":279,"score":148,"percentile":268},"2025-12-20",{"date":281,"score":148,"percentile":234},"2025-12-21",{"date":283,"score":148,"percentile":228},"2025-12-22",{"date":285,"score":148,"percentile":286},"2025-12-23",0.0133,{"date":288,"score":148,"percentile":289},"2025-12-24",0.01333,{"date":291,"score":148,"percentile":251},"2025-12-25",{"date":293,"score":148,"percentile":257},"2025-12-26",{"date":295,"score":148,"percentile":296},"2025-12-27",0.01332,{"date":298,"score":148,"percentile":228},"2025-12-28",{"date":300,"score":148,"percentile":208},"2025-12-29",{"date":302,"score":148,"percentile":303},"2025-12-30",0.01317,{"date":305,"score":148,"percentile":306},"2025-12-31",0.01314,{"date":308,"score":148,"percentile":260},"2026-01-01",{"date":310,"score":148,"percentile":289},"2026-01-02",{"date":312,"score":148,"percentile":251},"2026-01-03",{"date":314,"score":148,"percentile":225},"2026-01-04",{"date":316,"score":148,"percentile":317},"2026-01-05",0.0131,{"date":319,"score":148,"percentile":320},"2026-01-06",0.01305,{"date":322,"score":323,"percentile":324},"2026-01-07",0.00014,0.01839,{"date":326,"score":323,"percentile":327},"2026-01-08",0.01855,{"date":329,"score":323,"percentile":330},"2026-01-09",0.01874,{"date":332,"score":323,"percentile":333},"2026-01-10",0.01887,{"date":335,"score":323,"percentile":336},"2026-01-11",0.01876,{"date":338,"score":323,"percentile":339},"2026-01-12",0.01879,{"date":341,"score":323,"percentile":342},"2026-01-13",0.01871,{"date":344,"score":323,"percentile":336},"2026-01-14",{"date":346,"score":323,"percentile":347},"2026-01-15",0.01873,{"date":349,"score":323,"percentile":336},"2026-01-16",{"date":351,"score":323,"percentile":339},"2026-01-17",{"date":353,"score":323,"percentile":354},"2026-01-18",0.01889,{"date":356,"score":323,"percentile":357},"2026-01-19",0.01883,{"date":359,"score":323,"percentile":360},"2026-01-20",0.01868,{"date":362,"score":323,"percentile":363},"2026-01-21",0.01864,{"date":365,"score":323,"percentile":366},"2026-01-22",0.01858,{"date":368,"score":323,"percentile":369},"2026-01-23",0.01869,{"date":371,"score":323,"percentile":339},"2026-01-24",{"date":373,"score":323,"percentile":347},"2026-01-25",{"date":375,"score":323,"percentile":376},"2026-01-26",0.0187,{"date":378,"score":323,"percentile":363},"2026-01-27",{"date":380,"score":323,"percentile":381},"2026-01-28",0.01866,{"date":383,"score":323,"percentile":384},"2026-01-29",0.01882,{"date":386,"score":323,"percentile":384},"2026-01-30",{"date":388,"score":323,"percentile":389},"2026-01-31",0.01901,{"date":391,"score":323,"percentile":392},"2026-02-01",0.01926,[394,399,401],{"source":84,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":395,"cvss_v4_0":9},{"baseScore":82,"baseSeverity":396,"vectorString":85,"impactScore":397,"exploitabilityScore":398},"HIGH",6,10,{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":400,"cvss_v4_0":9},{"baseScore":82,"baseSeverity":396,"vectorString":85,"impactScore":397,"exploitabilityScore":398},{"source":100,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":9},{"baseScore":82,"baseSeverity":9,"vectorString":85,"impactScore":397,"exploitabilityScore":398},[404,415,419],{"ecosystem":9,"name":405,"vendor":406,"product":405,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":408},"json-smart","json-smart_project","a",[409],{"version":410,"is_range":411,"range_type":412,"version_start":9,"version_start_type":9,"version_end":413,"version_end_type":414,"fixed_in":9},"lt2.4.9",true,"cpe","2.4.9","excluding",{"ecosystem":9,"name":405,"vendor":405,"product":405,"cpe_part":407,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":416},[417],{"version":418,"is_range":411,"range_type":84,"version_start":9,"version_start_type":9,"version_end":413,"version_end_type":414,"fixed_in":9},"\u003C 2.4.9",{"ecosystem":420,"name":421,"vendor":422,"product":405,"cpe_part":9,"purl_type":423,"purl_namespace":422,"purl_name":405,"source":9,"versions":424},"Maven","net.minidev:json-smart","net.minidev","maven",[425],{"version":426,"is_range":411,"range_type":427,"version_start":9,"version_start_type":9,"version_end":413,"version_end_type":414,"fixed_in":9},"lt2_4_9","ecosystem"]