Skip to main content

Improper Handling of Exceptional Conditions

CVE-2024-21907

Severity High
Score 7.5/10

Summary

Newtonsoft.Json prior to version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the "JsonConvert.DeserializeObject" method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Advisory Timeline

  • Published