Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and     `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision     attack which may result in a denial of service. Most applications do not implement these traits directly,     but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For     users unable to upgrade override `objectContext()` to use a collision-safe collection. (CVE-2022-21653)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0106-1 advisory.

  - Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and     `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision     attack which may result in a denial of service. Most applications do not implement these traits directly,     but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For     users unable to upgrade override `objectContext()` to use a collision-safe collection. (CVE-2022-21653)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0011-1 advisory.

  - Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and     `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision     attack which may result in a denial of service. Most applications do not implement these traits directly,     but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For     users unable to upgrade override `objectContext()` to use a collision-safe collection. (CVE-2022-21653)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
259443	Linux Distros Unpatched Vulnerability : CVE-2022-21653	Nessus	Misc.	high
156845	openSUSE 15 Security Update : jawn (openSUSE-SU-2022:0106-1)	Nessus	SuSE Local Security Checks	high
156637	openSUSE 15 Security Update : jawn (openSUSE-SU-2022:0011-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2022-21653

high

Tenable Plugins

high

high

high