CVE-2023-1370 is a high-severity vulnerability in json-smart (net.minidev:json-smart), a performance-focused JSON processing library for Java. The parser imposes no limit on how deeply arrays and objects may be nested, and because nested structures are parsed recursively, a sufficiently deep input exhausts the parsing thread's stack.
The CVSS base score is 7.5 (high). The score reflects a remotely triggerable denial of service: a stack overflow caused by excessively nested JSON structures, with no impact on confidentiality or integrity.
The risk to organizations is service interruption. An attacker who can submit JSON to an application that parses it with json-smart can craft an input deep enough to overflow the stack and crash the parsing thread, and with it the request or the application.
Given the severity, organizations should prioritize patching. Unpatched systems remain exposed to denial of service for as long as they accept untrusted JSON.
Vulnerability Details
The parser recurses without a nesting limit. Each time it encounters a `[` or `{` character it calls itself to parse the nested array or object, so the recursion depth equals the nesting depth of the input, and nothing bounds either one.
The CVSS score of 7.5 (high) carries an availability impact of High. The affected product is json-smart, all versions prior to 2.4.9.
The weakness is classified as CWE-674 (Uncontrolled Recursion): recursion that is not bounded by a limit on the depth of the data structure being processed.
Technical Analysis
The root cause of CVE-2023-1370 is the recursive structure of json-smart's parser combined with the absence of any depth check. The attack vector is network-based: an attacker sends a crafted JSON document to any endpoint that passes untrusted input to the vulnerable library.
Attack complexity is low, and the vector requires neither privileges nor user interaction. The availability impact is significant: the parsing thread terminates with a StackOverflowError, and depending on how the application handles errors, the request or the service fails.
Confidentiality and integrity are not affected; this is strictly an availability issue.
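The probe below reproduces the trigger shape described in the vulnerability details and the technical analysis: a document that is nothing but nested arrays, or nested objects, to a chosen depth. It is an added example, not code from the json-smart project. It assumes net.minidev:json-smart on the classpath; the depth needed to overflow depends on the JVM thread stack size (-Xss), and the exact exception a patched release throws for over-nested input should be confirmed against that release rather than taken from this snippet.

```java
// Added example, not json-smart project code. Builds deeply nested JSON and feeds it
// to net.minidev.json.parser.JSONParser to see whether the parser bounds recursion.
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;

public class NestingProbe {

    /** depth opening brackets followed by depth closing brackets: [[[ ... ]]] */
    static String nestedArrays(int depth) {
        StringBuilder sb = new StringBuilder(depth * 2);
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    /** Same shape with objects: {"a":{"a": ... null ... }} */
    static String nestedObjects(int depth) {
        StringBuilder sb = new StringBuilder(depth * 6 + 4);
        for (int i = 0; i < depth; i++) sb.append("{\"a\":");
        sb.append("null");
        for (int i = 0; i < depth; i++) sb.append('}');
        return sb.toString();
    }

    /**
     * Parses the document and reports what happened. StackOverflowError is caught here
     * only so the probe can print a result; it is an Error, not an Exception, and a
     * production handler written as catch (Exception e) would not stop it.
     */
    static String probe(String json) {
        JSONParser parser = new JSONParser(JSONParser.DEFAULT_PERMISSIVE_MODE);
        try {
            parser.parse(json);
            return "parsed without error";
        } catch (ParseException e) {
            return "rejected by parser: " + e.getMessage();
        } catch (StackOverflowError e) {
            return "StackOverflowError: recursion was not bounded";
        }
    }

    public static void main(String[] args) {
        // 100_000 levels is well past a default JVM thread stack; adjust with -Xss to explore.
        int depth = args.length > 0 ? Integer.parseInt(args[0]) : 100_000;
        System.out.println("arrays  depth=" + depth + " -> " + probe(nestedArrays(depth)));
        System.out.println("objects depth=" + depth + " -> " + probe(nestedObjects(depth)));
    }
}
```

Run it once against the version your build actually resolves (not just the one declared in the POM) and once against 2.4.9 or later; the difference in the two results is the fix.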
Risk & Impact Analysis
Organizations using json-smart should assess their exposure, including transitive dependencies: json-smart is frequently pulled in by other libraries rather than declared directly. A denial of service affects not only the parsing application but any service that depends on it.
The blast radius therefore extends to every system that relies on json-smart for JSON processing, which raises the urgency of remediation.
Even with no known exploit reported, the low attack complexity argues for addressing this vulnerability in the normal priority patch cycle to prevent service disruption.
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
All versions of json-smart prior to 2.4.9 are affected. Organizations should upgrade to 2.4.9 or later, checking transitive as well as direct dependencies; a dependency tree listing (for example `mvn dependency:tree` or `gradle dependencies`) shows which version is actually resolved.
Mitigation & Remediation
Organizations should prioritize upgrading to json-smart 2.4.9 or later. Where that cannot happen immediately, validate input before it reaches the parser: reject documents whose bracket nesting exceeds a fixed limit appropriate to the application. Note that a StackOverflowError is a java.lang.Error, not an Exception, so a handler that catches Exception will not contain it; the check has to happen before parsing.
For ongoing assurance, include malformed and deeply nested inputs in fuzzing and penetration testing so that similar parsing weaknesses are found before they are exploited.
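One way to implement the pre-parse depth check described above, written here as an added example rather than json-smart project code. The wrapper class, its DEFAULT_MAX_DEPTH value and the exceedsDepth scan are all assumptions of this example; the only json-smart API used is JSONParser.parse, assumed available from net.minidev:json-smart on the classpath.

```java
// Added example, not json-smart project code. Rejects over-nested input in a single
// linear pass before it reaches the recursive parser, so a vulnerable json-smart
// never sees it. DEFAULT_MAX_DEPTH is a chosen application limit, not a library constant.
import net.minidev.json.parser.JSONParser;
import net.minidev.json.parser.ParseException;

public final class DepthLimitedJson {

    static final int DEFAULT_MAX_DEPTH = 64;

    private final int maxDepth;

    DepthLimitedJson(int maxDepth) {
        this.maxDepth = maxDepth;
    }

    /**
     * Tracks [ and { nesting over the raw text, skipping the contents of double-quoted
     * strings (including escaped quotes) so brackets inside values are not counted.
     * Returns as soon as the limit is passed, so the cost is bounded for huge inputs.
     * Brackets in malformed or single-quoted text are still counted, which makes the
     * check conservative: it may reject some odd inputs, but never accepts a deep one.
     */
    static boolean exceedsDepth(CharSequence json, int limit) {
        int depth = 0;
        boolean inString = false;
        for (int i = 0, n = json.length(); i < n; i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') {
                    i++;                      // skip the escaped character, e.g. \" or \\
                } else if (c == '"') {
                    inString = false;
                }
                continue;
            }
            switch (c) {
                case '"':
                    inString = true;
                    break;
                case '[':
                case '{':
                    if (++depth > limit) {
                        return true;
                    }
                    break;
                case ']':
                case '}':
                    if (depth > 0) {
                        depth--;
                    }
                    break;
                default:
                    break;
            }
        }
        return false;
    }

    /** Parses only after the depth check passes; a fresh parser is created per call. */
    Object parse(String json) throws ParseException {
        if (exceedsDepth(json, maxDepth)) {
            throw new IllegalArgumentException(
                    "JSON nesting exceeds the configured limit of " + maxDepth);
        }
        return new JSONParser(JSONParser.DEFAULT_PERMISSIVE_MODE).parse(json);
    }

    public static void main(String[] args) throws ParseException {
        DepthLimitedJson safe = new DepthLimitedJson(DEFAULT_MAX_DEPTH);

        // Constructed inputs: a benign document whose string value contains brackets,
        // and a bare array nested one level past the limit.
        System.out.println(safe.parse("{\"user\":\"a[b]{c}\",\"tags\":[[1,2],[3]]}"));

        StringBuilder deep = new StringBuilder();
        for (int i = 0; i <= DEFAULT_MAX_DEPTH; i++) deep.append('[');
        for (int i = 0; i <= DEFAULT_MAX_DEPTH; i++) deep.append(']');
        try {
            safe.parse(deep.toString());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected before parsing: " + e.getMessage());
        }
    }
}
```

The limit should be set from what the application's own schemas actually need; a few dozen levels covers most real documents, and anything an order of magnitude deeper is far more likely to be an attack than legitimate data.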
Detection Guidance
In application logs, look for StackOverflowError stack traces whose frames lie in net.minidev.json.parser, and for crashes or failed requests that correlate with unusually large request bodies. Monitoring JSON processing for unusual patterns, such as bodies consisting mostly of repeated `[` or `{` characters, can also surface exploitation attempts before a crash occurs.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2023-1370 is that parsers handling untrusted input need explicit limits on recursion and data structure depth. The pattern recurs in other parsing libraries and is a reminder for security teams to enforce strict input limits at the trust boundary.
Organizations should also watch for similar vulnerabilities in other libraries and conduct regular security assessments to identify them.
Teams should adopt secure coding practices proactively and use penetration testing to find such weaknesses before they can be exploited.
A vulnerability management program that tracks library versions, including transitive dependencies, provides ongoing protection against similar threats.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.